Cross-Site Scripting Vulnerabilities in IBM Tivoli Access Manager
CVE-2010-4120

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Access Manager For E-business
Vendor: CVE Published:; 28 October 2010

Summary

Multiple cross-site scripting vulnerabilities exist within the TAM console of IBM Tivoli Access Manager for e-business. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML through various parameters including 'parm1' in the ivtserver endpoint and method parameters in acl, domain, group, gso, gsogroup, os, pop, rule, user, or webseal endpoints. Exploiting these vulnerabilities could lead to unauthorized actions and theft of sensitive information.

References

http://osvdb.org/68892

vdb-entryx_refsource_OSVDB

http://osvdb.org/68891

vdb-entryx_refsource_OSVDB

http://osvdb.org/68885

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Oct 28, 2010
Vulnerability Reserved
Oct 28, 2010