Lucene search

[email protected]CVE-2009-2316

HistoryJul 05, 2009 - 4:30 p.m.

CVE-2009-2316

2009-07-0516:30:00

CWE-79

[email protected]

web.nvd.nist.gov

ibm

tivoli

identity manager

itim

xss

cross-site scripting

vulnerability

remote attackers

injection

web script

html

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later reported that 4.6.0 is also affected by the first vector.

Affected configurations

NVD

Node

ibmtivoli_identity_managerMatch5.0

CPENameOperatorVersion
ibm:tivoli_identity_manageribm tivoli identity managereq5.0

CPE	Name	Operator	Version
ibm:tivoli_identity_manager	ibm tivoli identity manager	eq	5.0

References

osvdb.org/55550

osvdb.org/55551

secunia.com/advisories/35696

secunia.com/advisories/36119

www-01.ibm.com/support/docview.wss?uid=swg1IZ54310

www-01.ibm.com/support/docview.wss?uid=swg1IZ54311

www-01.ibm.com/support/docview.wss?uid=swg1IZ55518

www-01.ibm.com/support/docview.wss?uid=swg24023640

www-01.ibm.com/support/docview.wss?uid=swg24023929

www.securityfocus.com/bid/35566

www.securitytracker.com/id?1022508

www.vupen.com/english/advisories/2009/1774

www.vupen.com/english/advisories/2009/2106

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.8%

JSON

Related for CVE-2009-2316

prion1 cvelist1 nvd1