Security Bulletin: Tivoli Federated Identity Manager - SAML 2.0 Cross Site Scripting (CVE-2013-0582)
IBM PSIRT | Tags: psirtsecurity psirtmedim
A response used in the FIM SAML 2.0 protocol could contain unencoded data provided by an untrusted source. An attacker could use this to initiate a cross-site scripting attack.
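The following is an added illustration of this bug class and its fix, not code from Tivoli Federated Identity Manager or from IBM. The bulletin does not say which response or field was affected, so the SAML 2.0 HTTP-POST form, the use of RelayState as the untrusted value, and all names and sample values here are assumptions made for the example.

```python
import base64
import html
from html.parser import HTMLParser

# Constructed sample values (assumptions, not taken from the bulletin).
ACS_URL = "https://sp.example.test/saml/acs"
SAML_RESPONSE = base64.b64encode(b"<samlp:Response/>").decode()
UNTRUSTED_RELAY_STATE = '"><script>alert(1)</script>'

FORM = (
    '<form method="post" action="{action}">'
    '<input type="hidden" name="SAMLResponse" value="{response}"/>'
    '<input type="hidden" name="RelayState" value="{relay}"/>'
    "</form>"
)

def render_unencoded(action, response, relay_state):
    """Vulnerable pattern: request-supplied data copied into the HTML as-is."""
    return FORM.format(action=action, response=response, relay=relay_state)

def render_encoded(action, response, relay_state):
    """Hardened pattern: every interpolated value is HTML-attribute encoded."""
    return FORM.format(
        action=html.escape(action, quote=True),
        response=html.escape(response, quote=True),
        relay=html.escape(relay_state, quote=True),
    )

class _Collector(HTMLParser):
    """Records each start tag and the value a parser sees for RelayState."""
    def __init__(self):
        super().__init__()
        self.tags = []
        self.relay_state = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        attr_map = dict(attrs)
        if attr_map.get("name") == "RelayState":
            self.relay_state = attr_map.get("value")

def inspect(page):
    """Return (start tags, parsed RelayState value) for a rendered page."""
    collector = _Collector()
    collector.feed(page)
    collector.close()
    return collector.tags, collector.relay_state
```

The same `inspect` check can be used as a regression test: a correctly encoded page contains only the form's own tags, and the value round-trips unchanged through an HTML parser.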
Affected product(s) & Affected version(s):
Tivoli Federated Identity Manager versions 6.2.0, 6.2.1, 6.2.2
Tivoli Federated Identity Manager Business Gateway versions 6.2.0, 6.2.1
Refer to the following reference URLs for remediation and additional vulnerability details.