FKIE_CVE-2017-1320

Vulnerability from fkie_nvd - Published: 2017-05-22 20:29 - Updated: 2025-04-20 01:37
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125732.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22002877Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securitytracker.com/id/1038505
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22002877Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038505
Impacted products
Vendor Product Version
ibm tivoli_federated_identity_manager 6.2.0
ibm tivoli_federated_identity_manager 6.2.0.1
ibm tivoli_federated_identity_manager 6.2.0.2
ibm tivoli_federated_identity_manager 6.2.0.3
ibm tivoli_federated_identity_manager 6.2.0.8
ibm tivoli_federated_identity_manager 6.2.0.9
ibm tivoli_federated_identity_manager 6.2.0.10
ibm tivoli_federated_identity_manager 6.2.0.11
ibm tivoli_federated_identity_manager 6.2.0.12
ibm tivoli_federated_identity_manager 6.2.0.13
ibm tivoli_federated_identity_manager 6.2.0.14
ibm tivoli_federated_identity_manager 6.2.0.15
ibm tivoli_federated_identity_manager 6.2.0.16
ibm tivoli_federated_identity_manager 6.2.0.17
ibm tivoli_federated_identity_manager 6.2.1
ibm tivoli_federated_identity_manager 6.2.1.1
ibm tivoli_federated_identity_manager 6.2.1.2
ibm tivoli_federated_identity_manager 6.2.1.3
ibm tivoli_federated_identity_manager 6.2.1.4
ibm tivoli_federated_identity_manager 6.2.1.5
ibm tivoli_federated_identity_manager 6.2.1.6
ibm tivoli_federated_identity_manager 6.2.1.7
ibm tivoli_federated_identity_manager 6.2.1.8
ibm tivoli_federated_identity_manager 6.2.1.9
ibm tivoli_federated_identity_manager 6.2.2
ibm tivoli_federated_identity_manager 6.2.2.2
ibm tivoli_federated_identity_manager 6.2.2.3
ibm tivoli_federated_identity_manager 6.2.2.4
ibm tivoli_federated_identity_manager 6.2.2.6
ibm tivoli_federated_identity_manager 6.2.2.7
ibm tivoli_federated_identity_manager 6.2.2.8
ibm tivoli_federated_identity_manager 6.2.2.9
ibm tivoli_federated_identity_manager 6.2.2.10
ibm tivoli_federated_identity_manager 6.2.2.11
ibm tivoli_federated_identity_manager 6.2.2.12
ibm tivoli_federated_identity_manager 6.2.2.13
ibm tivoli_federated_identity_manager 6.2.2.14
ibm tivoli_federated_identity_manager 6.2.2.15
ibm tivoli_federated_identity_manager 6.2.2.16
ibm tivoli_federated_identity_manager 6.2.2.17
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E508843E-DEA8-433D-AFD5-2730D2745E0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B08471C-D834-4247-87A6-6F9D6777375B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF2E0940-AAAF-43CA-A34B-7D7F69D98C15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BFC5237-6ECD-4B6D-AC3D-D32886302CA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E654796-0374-42DC-8635-8F8AE969B60A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA2AB53-1012-4E7F-BA36-37B61925D674",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1562CAEC-EDC3-4E2D-8D3A-65D8E27AAB65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F93FFD7-7590-4903-A297-7CB243156CF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "82A52678-4E86-47B7-9908-2F3B81A002E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "86B13FF6-530E-4007-8838-39B296000E23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "E074A49F-7B1C-4474-A419-26CDDAC71A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "615EBF83-FE78-4C9E-A9FE-2B6AFD9790F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B3E4337-BE00-4248-9C42-D3A204721CFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB97FC3C-8AA5-489D-855C-A416AD8CD4D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F674F64E-F51F-4F5E-AFCD-952958E66FE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74F50532-F35A-4D58-A5E6-6CF76C1B9B76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "905B81FC-673F-44B0-B50E-B323FB7C2F66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "08DF5827-6D81-46ED-A3AF-9A79DEC63DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA594780-B9F8-4470-8FCE-F6DA30BBB022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "203852B1-9CA0-4E9D-B0BC-DC286F63AD7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCFC22AC-7341-4A46-A8F7-11FD7B68FA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2407D9B-5FF1-445D-8A76-8B6A9E237B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D17C99C-64DF-42C8-9BDA-436DA045C5CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE4D6784-84D6-47AC-8714-6CFF083C1DB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "93F48368-9617-4EE6-BF7A-6873229C0D66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC99FA25-B699-49B9-8379-C53CA6893F59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B34BD77-F6D6-43C9-9441-54F7B4932B34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFB51985-2D33-492D-96B5-0241B497FA1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "867F878F-C18A-444C-A39B-FE0BA6558AD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C87711B-A780-4896-B45A-3EC123CD1660",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA2DBD22-0427-46E9-893A-13F00E49E516",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "69479E7A-6414-41EE-9CA5-4E4A66F6EB5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC955321-DE55-49DA-A0A7-A831BB213975",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFB10B39-D474-4B8A-BB3E-C62A33790F19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F727E9A7-271E-46CF-A613-D47CB2BE7F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "27FD4F89-60A4-4B6F-8915-3BBB070C421A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "9359AEC3-1C78-40D7-9994-7D021C1CCF69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0A51FCB-70B0-4176-810C-62CBA3B2E9CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C42407-324F-43BD-8D10-3D8C4A207414",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FD78A37-1D10-4FE4-A468-D6472F488C33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125732."
    },
    {
      "lang": "es",
      "value": "Tivoli Federated Identity Manager versi\u00f3n 6.2 de IMB, es vulnerable a un problema de tipo cross-site-scripting. Esta vulnerabilidad permite a los usuarios insertar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera la funcionalidad prevista que puede conllevar a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza. ID de IBM X-Force: 125732."
    }
  ],
  "id": "CVE-2017-1320",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-22T20:29:00.360",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22002877"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1038505"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22002877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038505"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.