CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-1319
https://notcve.org/view.php?id=CVE-2017-1319
IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731. Tivoli Federated Identity Manager versión 6.2 de IBM, está afectado por una vulnerabilidad debido a la falta de un atributo seguro en la sesión cookie cifrada (SSL). ID de IBM X-Force: 125731. • http://www-01.ibm.com/support/docview.wss?uid=swg22002871 http://www.securitytracker.com/id/1038504 https://exchange.xforce.ibmcloud.com/vulnerabilities/125731 • CWE-326: Inadequate Encryption Strength •
CVSS: 5.4EPSS: 0%CPEs: 40EXPL: 0CVE-2017-1320
https://notcve.org/view.php?id=CVE-2017-1320
IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125732. Tivoli Federated Identity Manager versión 6.2 de IMB, es vulnerable a un problema de tipo cross-site-scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, lo que altera la funcionalidad prevista que puede conllevar a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg22002877 http://www.securitytracker.com/id/1038505 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4959
https://notcve.org/view.php?id=CVE-2015-4959
Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 en versiones anteriores a FP16 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV77558 http://www-01.ibm.com/support/docview.wss?uid=swg21974157 http://www.securitytracker.com/id/1034697 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1966
https://notcve.org/view.php?id=CVE-2015-1966
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before FP17, 6.2.1 before FP9, and 6.2.2 before FP15, as used in Security Access Manager for Mobile and other products, allow remote attackers to inject arbitrary web script or HTML via a crafted URL, related to the (1) ERROR_DESCRIPTION and (2) TOKEN:RelayState macros. Múltiples vulnerabilidades de XSS en IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 anterior a FP17, 6.2.1 anterior a FP9, y 6.2.2 anterior a FP15, utilizado en Security Access Manager for Mobile y otros productos, permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada, relacionado con los macros (1) ERROR_DESCRIPTION y (2) TOKEN:RelayState. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV74198 http://www-01.ibm.com/support/docview.wss?uid=swg1IV74199 http://www-01.ibm.com/support/docview.wss?uid=swg1IV74200 http://www-01.ibm.com/support/docview.wss?uid=swg21959071 http://www.securityfocus.com/bid/75537 http://www.securitytracker.com/id/1032767 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 1.9EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8923
https://notcve.org/view.php?id=CVE-2014-8923
The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, when certain log and trace levels are configured, store the cleartext administrator password in a log file, which allows local users to obtain sensitive information by reading a file. El adaptador (1) IBM Tivoli Identity Manager Active Directory en versiones anteriores a 5.1.24 y el adaptador (2) IBM Security Identity Manager Active Directory en versiones anteriores a 6.0.14 para IBM Security Identity Manager en Windows, cuando ciertos niveles de registro y rastreo son configurados, almacena la contraseña de administrador en un archivo de registro, lo que permite a usuarios locales obtener información sensible leyendo un archivo. • http://www-01.ibm.com/support/docview.wss?uid=swg21699902 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •