ID

VAR-201305-0242


CVE

CVE-2013-0582


TITLE

IBM Tivoli Federated Identity Manager and Tivoli Federated Identity Manager Business Gateway vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-002567

DESCRIPTION

Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.12, 6.2.1 before 6.2.1.5, and 6.2.2 before 6.2.2.4 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.12 and 6.2.1 before 6.2.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a SAML 2.0 response. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. The product provides web and federated single sign-on (SSO) capabilities to users across multiple applications.

Trust: 1.98

sources: NVD: CVE-2013-0582 // JVNDB: JVNDB-2013-002567 // BID: 59591 // VULHUB: VHN-60584

AFFECTED PRODUCTS

vendor: ibm // model: tivoli federated identity manager business gateway // scope: eq // version: 6.2.1

Trust: 1.9

vendor: ibm // model: tivoli federated identity manager business gateway // scope: eq // version: 6.2.0.8

Trust: 1.6

vendor: ibm // model: tivoli federated identity manager business gateway // scope: eq // version: 6.2.0.10

Trust: 1.6

vendor: ibm // model: tivoli federated identity manager business gateway // scope: eq // version: 6.2.0.11

Trust: 1.6

vendor: ibm // model: tivoli federated identity manager business gateway // scope: eq // version: 6.2.0

Trust: 1.6

vendor: ibm // model: tivoli federated identity manager business gateway // scope: eq // version: 6.2.0.9

Trust: 1.6

vendor: ibm // model: tivoli federated identity manager business gateway // scope: eq // version: 6.2.1.3

Trust: 1.6

vendor: ibm // model: tivoli federated identity manager // scope: eq // version: 6.2.1.1

Trust: 1.6

vendor: ibm // model: tivoli federated identity manager business gateway // scope: eq // version: 6.2.1.4

Trust: 1.6

vendor: ibm // model: tivoli federated identity manager // scope: eq // version: 6.2.1.2

Trust: 1.6

vendor: ibm // model: tivoli federated identity manager // scope: eq // version: 6.2.1

Trust: 1.3

vendor: ibm // model: tivoli federated identity manager // scope: eq // version: 6.2.2

Trust: 1.3

vendor: ibm // model: tivoli federated identity manager // scope: eq // version: 6.2.0.2

Trust: 1.0

vendor: ibm // model: tivoli federated identity manager // scope: eq // version: 6.2.0.11

Trust: 1.0

vendor: ibm // model: tivoli federated identity manager business gateway // scope: eq // version: 6.2.0.1

Trust: 1.0

vendor: ibm // model: tivoli federated identity manager // scope: eq // version: 6.2.1.4

Trust: 1.0

vendor: ibm // model: tivoli federated identity manager // scope: eq // version: 6.2.0.9

Trust: 1.0

vendor: ibm // model: tivoli federated identity manager // scope: eq // version: 6.2.2.3

Trust: 1.0

vendor: ibm // model: tivoli federated identity manager // scope: eq // version: 6.2.0.3

Trust: 1.0

vendor: ibm // model: tivoli federated identity manager // scope: eq // version: 6.2.0.8

Trust: 1.0

vendor: ibm // model: tivoli federated identity manager // scope: eq // version: 6.2.1.3

Trust: 1.0

vendor: ibm // model: tivoli federated identity manager // scope: eq // version: 6.2.0.1

Trust: 1.0

vendor: ibm // model: tivoli federated identity manager // scope: eq // version: 6.2.2.2

Trust: 1.0

vendor: ibm // model: tivoli federated identity manager business gateway // scope: eq // version: 6.2.0.2

Trust: 1.0

vendor: ibm // model: tivoli federated identity manager // scope: eq // version: 6.2.0

Trust: 1.0

vendor: ibm // model: tivoli federated identity manager // scope: eq // version: 6.2.0.10

Trust: 1.0

vendor: ibm // model: tivoli federated identity manager business gateway // scope: eq // version: 6.2.0.3

Trust: 1.0

vendor: ibm // model: tivoli federated identity manager // scope: lt // version: 6.2.1

Trust: 0.8

vendor: ibm // model: tivoli federated identity manager business gateway // scope: lt // version: 6.2.0

Trust: 0.8

vendor: ibm // model: tivoli federated identity manager // scope: eq // version: 6.2.2.4

Trust: 0.8

vendor: ibm // model: tivoli federated identity manager business gateway // scope: lt // version: 6.2.1

Trust: 0.8

vendor: ibm // model: tivoli federated identity manager // scope: eq // version: 6.2.0.12

Trust: 0.8

vendor: ibm // model: tivoli federated identity manager // scope: eq // version: 6.2.1.5

Trust: 0.8

vendor: ibm // model: tivoli federated identity manager business gateway // scope: eq // version: 6.2.0.12

Trust: 0.8

vendor: ibm // model: tivoli federated identity manager // scope: lt // version: 6.2.2

Trust: 0.8

vendor: ibm // model: tivoli federated identity manager business gateway // scope: eq // version: 6.2.1.5

Trust: 0.8

vendor: ibm // model: tivoli federated identity manager // scope: lt // version: 6.2.0

Trust: 0.8

vendor: ibm // model: tivoli federated identity manager business gateway // scope: eq // version: 6.2

Trust: 0.3

vendor: ibm // model: tivoli federated identity manager // scope: eq // version: 6.2

Trust: 0.3

sources: BID: 59591 // JVNDB: JVNDB-2013-002567 // CNNVD: CNNVD-201305-061 // NVD: CVE-2013-0582

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-0582
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-0582
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201305-061
value: MEDIUM

Trust: 0.6

VULHUB: VHN-60584
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-0582
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-60584
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-60584 // JVNDB: JVNDB-2013-002567 // CNNVD: CNNVD-201305-061 // NVD: CVE-2013-0582

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-60584 // JVNDB: JVNDB-2013-002567 // NVD: CVE-2013-0582

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-061

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201305-061

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002567

PATCH

title: 1635688 // url: http://www-01.ibm.com/support/docview.wss?uid=swg21635688

Trust: 0.8

sources: JVNDB: JVNDB-2013-002567

EXTERNAL IDS

db: NVD // id: CVE-2013-0582

Trust: 2.8

db: JVNDB // id: JVNDB-2013-002567

Trust: 0.8

db: CNNVD // id: CNNVD-201305-061

Trust: 0.7

db: SECUNIA // id: 53285

Trust: 0.6

db: AIXAPAR // id: IV26034

Trust: 0.6

db: AIXAPAR // id: IV26033

Trust: 0.6

db: AIXAPAR // id: IV31640

Trust: 0.6

db: BID // id: 59591

Trust: 0.4

db: VULHUB // id: VHN-60584

Trust: 0.1

sources: VULHUB: VHN-60584 // BID: 59591 // JVNDB: JVNDB-2013-002567 // CNNVD: CNNVD-201305-061 // NVD: CVE-2013-0582

REFERENCES

url:http://www-01.ibm.com/support/docview.wss?uid=swg1iv26033

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg1iv26034

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg1iv31640

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg21635688

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0582

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0582

Trust: 0.8

url:http://secunia.com/advisories/53285

Trust: 0.6

url:http://www-01.ibm.com/software/tivoli/products/federated-identity-mgr/

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21635688

Trust: 0.3

sources: VULHUB: VHN-60584 // BID: 59591 // JVNDB: JVNDB-2013-002567 // CNNVD: CNNVD-201305-061 // NVD: CVE-2013-0582

CREDITS

IBM

Trust: 0.3

sources: BID: 59591

SOURCES

db: VULHUB // id: VHN-60584
db: BID // id: 59591
db: JVNDB // id: JVNDB-2013-002567
db: CNNVD // id: CNNVD-201305-061
db: NVD // id: CVE-2013-0582

LAST UPDATE DATE

2024-11-23T23:05:53.911000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-60584 // date: 2013-05-03T00:00:00
db: BID // id: 59591 // date: 2013-04-26T00:00:00
db: JVNDB // id: JVNDB-2013-002567 // date: 2013-05-07T00:00:00
db: CNNVD // id: CNNVD-201305-061 // date: 2013-05-03T00:00:00
db: NVD // id: CVE-2013-0582 // date: 2024-11-21T01:47:48.200

SOURCES RELEASE DATE

db: VULHUB // id: VHN-60584 // date: 2013-05-02T00:00:00
db: BID // id: 59591 // date: 2013-04-26T00:00:00
db: JVNDB // id: JVNDB-2013-002567 // date: 2013-05-07T00:00:00
db: CNNVD // id: CNNVD-201305-061 // date: 2013-05-03T00:00:00
db: NVD // id: CVE-2013-0582 // date: 2013-05-02T18:55:05.443