Cross-Site Scripting Vulnerabilities in IBM Tivoli Federated Identity Manager
CVE-2015-1966

Currently unrated

Key Information:

Vendor: IBM
CVE Published: 4 July 2015

Summary

IBM Tivoli Federated Identity Manager has multiple cross-site scripting (XSS) vulnerabilities that could be exploited by remote attackers. Using a crafted URL, an attacker can inject arbitrary web script or HTML through two specific macros, ERROR_DESCRIPTION and TOKEN:RelayState, in affected versions of the product. The flaw potentially allows attackers to manipulate user interactions and access sensitive information.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
