CVSS: 5.4EPSS: 0%CPEs: 40EXPL: 0CVE-2017-1320
https://notcve.org/view.php?id=CVE-2017-1320
22 May 2017 — IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125732. Tivoli Federated Identity Manager versión 6.2 de IMB, es vulnerable a un problema de tipo cross-site-scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la interfaz de us... • http://www.ibm.com/support/docview.wss?uid=swg22002877 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2013-5429
https://notcve.org/view.php?id=CVE-2013-5429
21 Jan 2014 — The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token. La funcionalidad de Acceso Basado en el Riesgo de IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 antes de FP9 y Tivoli Federated Identity Manag... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV52624 • CWE-287: Improper Authentication •