Vulnerabilities > IBM > Tivoli Federated Identity Manager > 6.2.2.3

DATE CVE VULNERABILITY TITLE RISK
2017-05-22 CVE-2017-1320 Cross-site Scripting vulnerability in IBM Tivoli Federated Identity Manager
IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2014-01-21 CVE-2013-5429 Improper Authentication vulnerability in IBM Tivoli Federated Identity Manager
The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token.
network
high complexity
ibm CWE-287
2.1
2.1
2013-05-02 CVE-2013-0582 Cross-Site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.12, 6.2.1 before 6.2.1.5, and 6.2.2 before 6.2.2.4 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.12 and 6.2.1 before 6.2.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a SAML 2.0 response.
network
ibm CWE-79
4.3
4.3