Tivoli federated identity manager

This hub aggregates every CVE we track for Tivoli federated identity manager, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Tivoli federated identity manager.

• CVE-2018-1443An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerabilit...5.9Mar 8, 2018
• CVE-2017-1319IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731.7.5Jun 8, 2017
• CVE-2017-1320IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function...5.4May 22, 2017
• CVE-2015-4959Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.6.1Jan 18, 2016
• CVE-2015-1966Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before FP17, 6.2.1 before FP9, and 6.2.2 before FP15, as used in Security Access Manager fo...4.3Jul 4, 2015
• CVE-2014-3097Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0-TIV-TFIM-IF0015, 6.2.1 before 6.2.1-TIV-TFIM-IF0007, and 6.2.2 before 6.2.2-TIV-TFIM-IF0011 allows rem...4.3Oct 2, 2014
• CVE-2013-5429The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not preven...2.1Jan 21, 2014
• CVE-2013-5431Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gatew...5.8Nov 1, 2013
• CVE-2013-0582Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.12, 6.2.1 before 6.2.1.5, and 6.2.2 before 6.2.2.4 and Tivoli Federated Identity Manager ...4.3May 2, 2013
• CVE-2012-6359IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0...4.3Jan 18, 2013
• CVE-2012-3310IBM Tivoli Federated Identity Manager (TFIM) before 6.1.1.14, 6.2.0 before 6.2.0.12, and 6.2.1 before 6.2.1.4 allows context-dependent attackers to discover (1) a cleartext LDAP Bind Password, (2) ...3.5Jan 17, 2013
• CVE-2012-3315The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require...5.0Nov 8, 2012
• CVE-2012-3314IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafte...5.8Oct 2, 2012
• CVE-2011-1386IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, ...4.3Jan 4, 2012
• CVE-2011-3138The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 ...5.0Aug 12, 2011