Skip to main content

Tivoli Federated Identity Manager

13 CVEs product

Monthly

CVE-2018-1443 MEDIUM This Month

An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Security Access Manager Tivoli Federated Identity Manager
NVD
CVSS 3.0
5.9
EPSS
0.4%
CVE-2017-1319 HIGH PATCH This Week

IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Tivoli Federated Identity Manager
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-1320 MEDIUM PATCH This Month

IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Tivoli Federated Identity Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2015-4959 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Tivoli Federated Identity Manager
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-1966 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before FP17, 6.2.1 before FP9, and 6.2.2 before FP15, as used in Security Access Manager for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Tivoli Federated Identity Manager
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3097 MEDIUM PATCH This Month

Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0-TIV-TFIM-IF0015, 6.2.1 before 6.2.1-TIV-TFIM-IF0007, and 6.2.2 before 6.2.2-TIV-TFIM-IF0011 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM Open Redirect Tivoli Federated Identity Manager
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-5429 LOW Monitor

The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Tivoli Federated Identity Manager
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2013-5431 MEDIUM This Month

Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gateway. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect IBM Tivoli Federated Identity Manager Tivoli Federated Identity Manager Business Gateway
NVD
CVSS 2.0
5.8
EPSS
1.3%
CVE-2013-0582 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.12, 6.2.1 before 6.2.1.5, and 6.2.2 before 6.2.2.4 and Tivoli Federated Identity Manager. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Tivoli Federated Identity Manager Tivoli Federated Identity Manager Business Gateway
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-6359 MEDIUM This Month

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Microsoft IBM Tivoli Federated Identity Manager Tivoli Federated Identity Manager Business Gateway
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-3310 LOW Monitor

IBM Tivoli Federated Identity Manager (TFIM) before 6.1.1.14, 6.2.0 before 6.2.0.12, and 6.2.1 before 6.2.1.4 allows context-dependent attackers to discover (1) a cleartext LDAP Bind Password, (2). Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Tivoli Federated Identity Manager
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2012-3315 MEDIUM This Month

The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Java Authentication Bypass Tivoli Federated Identity Manager Tivoli Federated Identity Manager Business Gateway
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-3314 MEDIUM PATCH This Month

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Authentication Bypass IBM Tivoli Federated Identity Manager Tivoli Federated Identity Manager Business Gateway
NVD
CVSS 2.0
5.8
EPSS
0.2%
EPSS 0% CVSS 5.9
MEDIUM This Month

An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Security Access Manager +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Tivoli Federated Identity Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Tivoli Federated Identity Manager
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Tivoli Federated Identity Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before FP17, 6.2.1 before FP9, and 6.2.2 before FP15, as used in Security Access Manager for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Tivoli Federated Identity Manager
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0-TIV-TFIM-IF0015, 6.2.1 before 6.2.1-TIV-TFIM-IF0007, and 6.2.2 before 6.2.2-TIV-TFIM-IF0011 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM Open Redirect Tivoli Federated Identity Manager
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Tivoli Federated Identity Manager
NVD
EPSS 1% CVSS 5.8
MEDIUM This Month

Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gateway. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect IBM Tivoli Federated Identity Manager +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.12, 6.2.1 before 6.2.1.5, and 6.2.2 before 6.2.2.4 and Tivoli Federated Identity Manager. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Tivoli Federated Identity Manager +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Microsoft IBM +2
NVD
EPSS 0% CVSS 3.5
LOW Monitor

IBM Tivoli Federated Identity Manager (TFIM) before 6.1.1.14, 6.2.0 before 6.2.0.12, and 6.2.1 before 6.2.1.4 allows context-dependent attackers to discover (1) a cleartext LDAP Bind Password, (2). Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Tivoli Federated Identity Manager
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Java Authentication Bypass +2
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Authentication Bypass IBM Tivoli Federated Identity Manager +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy