CVE-2013-0582

Name of the Vulnerable Software and Affected Versions IBM Tivoli Federated Identity Manager versions 6.2.0 through 6.2.0.11 IBM Tivoli Federated Identity Manager versions 6.2.1 through 6.2.1.4 IBM Tivoli Federated Identity Manager versions 6.2.2 through 6.2.2.3 IBM Tivoli Federated Identity Manager Business Gateway versions 6.2.0 through 6.2.0.11 IBM Tivoli Federated Identity Manager Business Gateway versions 6.2.1 through 6.2.1.4

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a SAML 2.0 response.

Recommendations For IBM Tivoli Federated Identity Manager versions 6.2.0 through 6.2.0.11, update to version 6.2.0.12 or later. For IBM Tivoli Federated Identity Manager versions 6.2.1 through 6.2.1.4, update to version 6.2.1.5 or later. For IBM Tivoli Federated Identity Manager versions 6.2.2 through 6.2.2.3, update to version 6.2.2.4 or later. For IBM Tivoli Federated Identity Manager Business Gateway versions 6.2.0 through 6.2.0.11, update to version 6.2.0.12 or later. For IBM Tivoli Federated Identity Manager Business Gateway versions 6.2.1 through 6.2.1.4, update to version 6.2.1.5 or later.