Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later reported that 4.6.0 is also affected by the first vector.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Tivoli Identity Manager | 5.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/55550
- http://osvdb.org/55551
- http://secunia.com/advisories/35696 (Vendor Advisory)
- http://secunia.com/advisories/36119
- http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54310 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54311
- http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55518
- http://www-01.ibm.com/support/docview.wss?uid=swg24023640 (Patch, Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg24023929
- http://www.securityfocus.com/bid/35566
- http://www.securitytracker.com/id?1022508
- http://www.vupen.com/english/advisories/2009/1774
- http://www.vupen.com/english/advisories/2009/2106
FAQ
What is CVE-2009-2316?
CVE-2009-2316 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the se...
How severe is CVE-2009-2316?
CVE-2009-2316 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-2316?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Tivoli Identity Manager.