Vulnerabilities > IBM > Tivoli Federated Identity Manager
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-08 | CVE-2018-1443 | Improper Authentication vulnerability in IBM products An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. | 5.9 |
2017-06-08 | CVE-2017-1319 | Inadequate Encryption Strength vulnerability in IBM Tivoli Federated Identity Manager 6.2.0/6.2.1/6.2.2 IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. | 7.5 |
2017-05-22 | CVE-2017-1320 | Cross-site Scripting vulnerability in IBM Tivoli Federated Identity Manager IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. | 5.4 |
2016-01-18 | CVE-2015-4959 | Cross-site Scripting vulnerability in IBM Tivoli Federated Identity Manager 6.2.2 Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 6.1 |