) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:ibm:tivoli_federated_identity_manager_business_gateway:6.2.0.11
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2013-0582 |
Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.12, 6.2.1 before 6.2.1.5, and 6.2.2 before 6.2.2.4 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.12 and 6.2.1 before 6.2.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a SAML 2.0 response. Published: May 02, 2013; 2:55:05 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2012-3315 |
The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request. Published: November 08, 2012; 6:46:23 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |