CVE-2013-5431

Name of the Vulnerable Software and Affected Versions IBM Tivoli Federated Identity Manager versions 6.1.1 through 6.1.1 before IF 15 IBM Tivoli Federated Identity Manager versions 6.2.0 through 6.2.0 before IF 14 IBM Tivoli Federated Identity Manager versions 6.2.1 through 6.2.1 IBM Tivoli Federated Identity Manager versions 6.2.2 through 6.2.2 before IF 8 IBM Tivoli Federated Identity Manager Business Gateway versions 6.1.1 through 6.1.1 before IF 15 IBM Tivoli Federated Identity Manager Business Gateway versions 6.2.0 through 6.2.0 before IF 14 IBM Tivoli Federated Identity Manager Business Gateway versions 6.2.1 through 6.2.1 IBM Tivoli Federated Identity Manager Business Gateway versions 6.2.2 through 6.2.2 before IF 8

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks.

Recommendations For IBM Tivoli Federated Identity Manager version 6.1.1, apply IF 15 or later. For IBM Tivoli Federated Identity Manager version 6.2.0, apply IF 14 or later. For IBM Tivoli Federated Identity Manager version 6.2.1, apply IF 8 or later to version 6.2.2. For IBM Tivoli Federated Identity Manager version 6.2.2, apply IF 8 or later. For IBM Tivoli Federated Identity Manager Business Gateway version 6.1.1, apply IF 15 or later. For IBM Tivoli Federated Identity Manager Business Gateway version 6.2.0, apply IF 14 or later. For IBM Tivoli Federated Identity Manager Business Gateway version 6.2.1, apply IF 8 or later to version 6.2.2. For IBM Tivoli Federated Identity Manager Business Gateway version 6.2.2, apply IF 8 or later.