IBM Tivoli Federated Identity Manager 6.2.2 < 6.2.2 FP16 XSS (swg21974157)
Medium Nessus Plugin ID 88090
Synopsis
The remote host has an application installed that is affected by a cross-site scripting vulnerability.

Description
The version of IBM Tivoli Federated Identity Manager installed on the remote Windows host is 6.2.2.x prior to 18.104.22.168. It is, therefore, affected by a cross-site scripting vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a crafted URL, to execute arbitrary script code in a user's browser session.

Solution
Upgrade to IBM Tivoli Federated Identity Manager 6.2.2 FP16 (22.214.171.124) or later.