IBM » Tivoli Identity Manager : Security Vulnerabilities, CVEs, (XSS)
Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity Manager (ITIM) 5.0 before 5.0.0.15 and 5.1 before 5.1.0.15 and IBM Security Identity Manager (ISIM) 6.0 before 6.0.0.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Max CVSS: 6.0
EPSS Score: 0.08%
Published: 2014-06-08
Updated: 2017-08-29
Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile.
Max CVSS: 3.5
EPSS Score: 0.07%
Published: 2009-09-18
Updated: 2009-09-21
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later reported that 4.6.0 is also affected by the first vector.
Max CVSS: 4.3
EPSS Score: 0.32%
Published: 2009-07-05
Updated: 2009-08-05
3 vulnerabilities found