CVSS: 8.0EPSS: 0%CPEs: 22EXPL: 0CVE-2014-0961
https://notcve.org/view.php?id=CVE-2014-0961
08 Jun 2014 — Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad de CSRF en IBM Tivoli Identity Manager (ITIM) 5.0 anterior a 5.0.0.15 y 5.1 anterior a 5.1.0.15 y IBM Security Identity Manager (ISIM) 6.0 anterior a 6.0.0.2 permite a usuarios remotos ... • http://secunia.com/advisories/59080 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2009-2316
https://notcve.org/view.php?id=CVE-2009-2316
05 Jul 2009 — Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later reported that 4.6.0 is also affected by the first vector. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en IBM Tivoli Identity Manager (ITIM) v5.0, permiten a atacantes remotos inyectar secuencias de comando... • http://osvdb.org/55550 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •