CVE-2015-1966

Name of the Vulnerable Software and Affected Versions IBM Tivoli Federated Identity Manager versions 6.2.0 through 6.2.0 FP16 IBM Tivoli Federated Identity Manager versions 6.2.1 through 6.2.1 FP8 IBM Tivoli Federated Identity Manager versions 6.2.2 through 6.2.2 FP14

Description The issue allows remote attackers to inject arbitrary web script or HTML via a crafted URL. This is related to the ERROR DESCRIPTION and TOKEN:RelayState macros.

Recommendations For IBM Tivoli Federated Identity Manager versions 6.2.0 through 6.2.0 FP16, update to FP17 or later. For IBM Tivoli Federated Identity Manager versions 6.2.1 through 6.2.1 FP8, update to FP9 or later. For IBM Tivoli Federated Identity Manager versions 6.2.2 through 6.2.2 FP14, update to FP15 or later.