- Home
- CVEs with nessus.description==The version of IBM Tivoli Federated Identity Manager installed on the remote Windows host is 6.2.x prior to 6.2.2.17. It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists due to a failure to properly use Secure attributes in cookies. An unauthenticated, remote attacker can exploit this to disclose sensitive information. (CVE-2017-1319)
- A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-1320)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top