Cross-Site Scripting Vulnerability in IBM Tivoli Federated Identity Manager
CVE-2013-0582

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Federated Identity Manager
Vendor: CVE Published:; 2 May 2013

Summary

A Cross-Site Scripting (XSS) vulnerability exists in IBM Tivoli Federated Identity Manager and its Business Gateway, affecting specific versions. This flaw allows remote attackers to inject arbitrary web scripts or HTML through specially crafted URLs that manipulate SAML 2.0 responses. If exploited, this vulnerability could lead to unauthorized actions or data exposure, emphasizing the need for immediate updates and rigorous security measures.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IV26033

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21635688

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IV26034

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
May 2, 2013