IBM Tivoli Federated Identity Manager 6.2.x < 6.2.2 FP17 Multiple Vulnerabilities
Medium Nessus Plugin ID 100422
Synopsis
The remote host has an application installed that is affected by multiple vulnerabilities.
Description
The version of IBM Tivoli Federated Identity Manager installed on the remote Windows host is 6.2.x prior to 6.2.2 FP17. It is, therefore, affected by multiple vulnerabilities:
- An information disclosure vulnerability exists due to a failure to properly use Secure attributes in cookies. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-1319)
- A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-1320)
Solution
Upgrade to IBM Tivoli Federated Identity Manager version 6.2.2 FP17 or later.