Vulnerability Details : CVE-2013-5429
The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2013-5429
- cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-5429
0.14%: Probability of exploitation activity in the next 30 days
~49%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-5429
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:N/AC:H/Au:S/C:N/I:P/A:N | 3.9 | 2.9 | NIST | |
CWE ids for CVE-2013-5429
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-5429
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV52624
  IBM notice: The page you requested cannot be displayed
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87561
  IBM Tivoli Federated Identity Manager Business Gateway security bypass CVE-2013-5429 Vulnerability Report
- http://www-01.ibm.com/support/docview.wss?uid=swg21660510
  IBM notice: The page you requested cannot be displayed (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21660509
  IBM Security Bulletin: Tivoli Federated Identity Manager One Time Password Enforcement (CVE-2013-5429) (Vendor Advisory)