ID

VAR-201311-0156


CVE

CVE-2013-5431


TITLE

IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway contain a URL redirection vulnerability

Trust: 0.8

sources: CERT/CC: VU#596990

DESCRIPTION

Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Supplementary information: the CWE vulnerability type is identified as CWE-601 (open redirect), http://cwe.mitre.org/data/definitions/601.html. A third party may redirect any user to a web site and conduct a phishing attack. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. Other attacks are possible. An open redirection vulnerability exists in IBM TFIM and TFIMBG. The following versions are affected: IBM TFIM 6.1.1, 6.2.0, 6.2.1, and 6.2.2, and TFIMBG 6.1.1, 6.2.0, 6.2.1, and 6.2.2.

Trust: 2.7

sources: NVD: CVE-2013-5431 // CERT/CC: VU#596990 // JVNDB: JVNDB-2013-004974 // BID: 63396 // VULHUB: VHN-65433

AFFECTED PRODUCTS

vendor: ibm | model: tivoli federated identity manager business gateway | scope: eq | version: 6.2.1

Trust: 2.7

vendor: ibm | model: tivoli federated identity manager | scope: eq | version: 6.2.1

Trust: 2.4

vendor: ibm | model: tivoli federated identity manager business gateway | scope: eq | version: 6.1.1

Trust: 1.9

vendor: ibm | model: tivoli federated identity manager | scope: eq | version: 6.1.1

Trust: 1.6

vendor: ibm | model: tivoli federated identity manager business gateway | scope: eq | version: 6.2.0

Trust: 1.6

vendor: ibm | model: tivoli federated identity manager | scope: eq | version: 6.2.2

Trust: 1.6

vendor: ibm | model: tivoli federated identity manager | scope: eq | version: 6.2.0

Trust: 1.6

vendor: ibm | model: tivoli federated identity manager business gateway | scope: eq | version: 6.2.2

Trust: 1.6

vendor: ibm | model: - | scope: - | version: -

Trust: 0.8

vendor: ibm | model: tivoli federated identity manager | scope: eq | version: 6.2.2 if 8

Trust: 0.8

vendor: ibm | model: tivoli federated identity manager business gateway | scope: lt | version: 6.2.0

Trust: 0.8

vendor: ibm | model: tivoli federated identity manager | scope: eq | version: 6.1.1 if 15

Trust: 0.8

vendor: ibm | model: tivoli federated identity manager | scope: eq | version: 6.2.0 if 14

Trust: 0.8

vendor: ibm | model: tivoli federated identity manager business gateway | scope: lt | version: 6.2.2

Trust: 0.8

vendor: ibm | model: tivoli federated identity manager business gateway | scope: eq | version: 6.2.2 if 8

Trust: 0.8

vendor: ibm | model: tivoli federated identity manager business gateway | scope: eq | version: 6.1.1 if 15

Trust: 0.8

vendor: ibm | model: tivoli federated identity manager business gateway | scope: eq | version: 6.2.0 if 14

Trust: 0.8

vendor: ibm | model: tivoli federated identity manager | scope: lt | version: 6.1.1

Trust: 0.8

vendor: ibm | model: tivoli federated identity manager | scope: lt | version: 6.2.2

Trust: 0.8

vendor: ibm | model: tivoli federated identity manager business gateway | scope: lt | version: 6.1.1

Trust: 0.8

vendor: ibm | model: tivoli federated identity manager | scope: lt | version: 6.2.0

Trust: 0.8

vendor: ibm | model: tivoli federated identity manager business gateway | scope: eq | version: 6.3

Trust: 0.3

vendor: ibm | model: tivoli federated identity manager | scope: eq | version: 6.3

Trust: 0.3

sources: CERT/CC: VU#596990 // BID: 63396 // JVNDB: JVNDB-2013-004974 // CNNVD: CNNVD-201310-676 // NVD: CVE-2013-5431

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2013-5431
value: MEDIUM

Trust: 1.6

nvd@nist.gov: CVE-2013-5431
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-201310-676
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65433
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5431
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2013-5431
severity: MEDIUM
baseScore: 4.3
vectorString: NONE
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-65433
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#596990 // VULHUB: VHN-65433 // JVNDB: JVNDB-2013-004974 // CNNVD: CNNVD-201310-676 // NVD: CVE-2013-5431

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-601

Trust: 0.8

problemtype:CWE-Other

Trust: 0.8

sources: CERT/CC: VU#596990 // VULHUB: VHN-65433 // JVNDB: JVNDB-2013-004974 // NVD: CVE-2013-5431

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-676

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201310-676

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004974

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#596990

PATCH

title: 1654114 | url: http://www-01.ibm.com/support/docview.wss?uid=swg21654114

Trust: 0.8

sources: JVNDB: JVNDB-2013-004974

EXTERNAL IDS

db: NVD | id: CVE-2013-5431

Trust: 2.8

db: CERT/CC | id: VU#596990

Trust: 2.7

db: BID | id: 63396

Trust: 1.0

db: JVN | id: JVNVU91825366

Trust: 0.8

db: JVNDB | id: JVNDB-2013-004974

Trust: 0.8

db: CNNVD | id: CNNVD-201310-676

Trust: 0.7

db: AIXAPAR | id: IV50639

Trust: 0.6

db: XF | id: 20135431

Trust: 0.6

db: XF | id: 87616

Trust: 0.6

db: VULHUB | id: VHN-65433

Trust: 0.1

sources: CERT/CC: VU#596990 // VULHUB: VHN-65433 // BID: 63396 // JVNDB: JVNDB-2013-004974 // CNNVD: CNNVD-201310-676 // NVD: CVE-2013-5431

REFERENCES

url:http://www-01.ibm.com/support/docview.wss?uid=swg21654114

Trust: 2.5

url:http://www.kb.cert.org/vuls/id/596990

Trust: 1.9

url:http://www-01.ibm.com/support/docview.wss?uid=swg1iv50639

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/87616

Trust: 1.1

url:http://cwe.mitre.org/data/definitions/601.html

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5431

Trust: 0.8

url:http://jvn.jp/cert/jvnvu91825366/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5431

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/87616

Trust: 0.6

url:http://www.securityfocus.com/bid/63396

Trust: 0.6

sources: CERT/CC: VU#596990 // VULHUB: VHN-65433 // JVNDB: JVNDB-2013-004974 // CNNVD: CNNVD-201310-676 // NVD: CVE-2013-5431

CREDITS

IBM

Trust: 0.9

sources: BID: 63396 // CNNVD: CNNVD-201310-676

SOURCES

db: CERT/CC | id: VU#596990
db: VULHUB | id: VHN-65433
db: BID | id: 63396
db: JVNDB | id: JVNDB-2013-004974
db: CNNVD | id: CNNVD-201310-676
db: NVD | id: CVE-2013-5431

LAST UPDATE DATE

2024-11-23T22:56:39.488000+00:00


SOURCES UPDATE DATE

db: CERT/CC | id: VU#596990 | date: 2014-07-24T00:00:00
db: VULHUB | id: VHN-65433 | date: 2017-08-29T00:00:00
db: BID | id: 63396 | date: 2013-10-28T00:00:00
db: JVNDB | id: JVNDB-2013-004974 | date: 2013-11-11T00:00:00
db: CNNVD | id: CNNVD-201310-676 | date: 2013-11-05T00:00:00
db: NVD | id: CVE-2013-5431 | date: 2024-11-21T01:57:28.223

SOURCES RELEASE DATE

db: CERT/CC | id: VU#596990 | date: 2013-11-07T00:00:00
db: VULHUB | id: VHN-65433 | date: 2013-11-01T00:00:00
db: BID | id: 63396 | date: 2013-10-28T00:00:00
db: JVNDB | id: JVNDB-2013-004974 | date: 2013-11-05T00:00:00
db: CNNVD | id: CNNVD-201310-676 | date: 2013-10-28T00:00:00
db: NVD | id: CVE-2013-5431 | date: 2013-11-01T02:55:04.963