CVE-2015-1966

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before FP17, 6.2.1 before FP9, and 6.2.2 before FP15, as used in Security Access Manager for Mobile and other products, allow remote attackers to inject arbitrary web script or HTML via a crafted URL, related to the (1) ERROR_DESCRIPTION and (2) TOKEN:RelayState macros.
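The two macros named above are substituted into TFIM's HTML page templates, and the flaw is that values taken from the request (an error description, the SAML RelayState echoed back to the browser) land in the page without HTML encoding. The following is an added illustration of that pattern and its fix, written for this page; it is not TFIM code, and the `@NAME@` macro syntax, the template text, the URL and the attacker strings are assumptions made for the example.

```python
"""
Added example (not IBM/TFIM code): a macro-substituting page template that
reflects request-derived values raw, beside the same renderer with
context-appropriate HTML encoding. Template, macro delimiters and the
crafted URL are constructed for this illustration.
"""
import html
import re
from urllib.parse import parse_qs, urlsplit

# Assumed template in the style of a federation error page; the real
# TFIM templates are not reproduced here.
ERROR_TEMPLATE = """<html><body>
<h1>Sign-on error</h1>
<p>@ERROR_DESCRIPTION@</p>
<form method="POST" action="/sps/saml20/login">
<input type="hidden" name="RelayState" value="@TOKEN:RelayState@">
</form>
</body></html>"""

# Assumed macro syntax: @NAME@ or @NAMESPACE:Name@
MACRO = re.compile(r"@([A-Za-z_:]+)@")


def render_vulnerable(template: str, macros: dict) -> str:
    """Raw substitution: whatever the request supplied lands in the HTML."""
    return MACRO.sub(lambda m: macros.get(m.group(1), ""), template)


def render_fixed(template: str, macros: dict) -> str:
    """Same substitution, but each value is HTML-encoded first.

    html.escape(quote=True) also encodes the double quote, so a value
    placed inside value="..." cannot close the attribute, and a value in
    element text cannot open a tag.
    """
    return MACRO.sub(
        lambda m: html.escape(macros.get(m.group(1), ""), quote=True),
        template,
    )


def macros_from_url(url: str) -> dict:
    """Derive the two macro values from a crafted URL (constructed input).

    The assumed query parameter names ('error', 'RelayState') stand in for
    whatever request fields feed the macros in the real product.
    """
    qs = parse_qs(urlsplit(url).query)
    return {
        "ERROR_DESCRIPTION": qs.get("error", [""])[0],
        "TOKEN:RelayState": qs.get("RelayState", [""])[0],
    }


# Constructed attacker URL: one payload targets element text, the other
# breaks out of a quoted attribute.
CRAFTED_URL = (
    "https://idp.example/sps/error?"
    "error=%3Cscript%3Ealert(1)%3C/script%3E"
    "&RelayState=%22%3E%3Cscript%3Ealert(2)%3C/script%3E"
)

if __name__ == "__main__":
    values = macros_from_url(CRAFTED_URL)
    print("--- vulnerable ---")
    print(render_vulnerable(ERROR_TEMPLATE, values))
    print("--- fixed ---")
    print(render_fixed(ERROR_TEMPLATE, values))
```

The vulnerable renderer emits both payloads as live markup; the fixed one emits `&lt;script&gt;` in the paragraph and `&quot;&gt;&lt;script&gt;...` inside the attribute, so neither executes. When checking a deployed template set, look for every macro that can carry request data and confirm the substitution encodes for the context it lands in (element text, attribute value, or script), rather than relying on the value having been validated upstream.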

References

http://www.securitytracker.com/id/1032767

http://www.securityfocus.com/bid/75537

http://www-01.ibm.com/support/docview.wss?uid=swg21959071

http://www-01.ibm.com/support/docview.wss?uid=swg1IV74200

http://www-01.ibm.com/support/docview.wss?uid=swg1IV74199

http://www-01.ibm.com/support/docview.wss?uid=swg1IV74198

Details

Source: Mitre, NVD

Published: 2015-07-04

Updated: 2016-12-28

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium