PT-2014-3978 · Ibm · Ibm Security Identity Manager+1

Published

2014-06-08

Updated

2017-08-29

CVE-2014-0961

CVSS v2.0

6.0

Medium

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions IBM Tivoli Identity Manager versions 5.0 through 5.0.0.15 IBM Tivoli Identity Manager versions 5.1 through 5.1.0.15 IBM Security Identity Manager versions 6.0 through 6.0.0.2

Description A cross-site request forgery (CSRF) issue allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Recommendations For IBM Tivoli Identity Manager versions 5.0 through 5.0.0.15, update to version 5.0.0.15 or later. For IBM Tivoli Identity Manager versions 5.1 through 5.1.0.15, update to version 5.1.0.15 or later. For IBM Security Identity Manager versions 6.0 through 6.0.0.2, update to version 6.0.0.2 or later.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2014-0961

Affected Products

Ibm Security Identity Manager

Ibm Tivoli Identity Manager

PT-2014-3978 · Ibm · Ibm Security Identity Manager+1

CVE-2014-0961

Weakness Enumeration

Related Identifiers

Affected Products

References · 5