CVE-2015-1966

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Federated Identity Manager
Vendor: CVE Published:; 4 July 2015

Summary

Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before FP17, 6.2.1 before FP9, and 6.2.2 before FP15, as used in Security Access Manager for Mobile and other products, allow remote attackers to inject arbitrary web script or HTML via a crafted URL, related to the (1) ERROR_DESCRIPTION and (2) TOKEN:RelayState macros.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21959071

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IV74198

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg1IV74199

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Jul 4, 2015
Vulnerability Reserved
Feb 19, 2015