CVE-2015-1966 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before FP17, 6.2.1 before FP9, and 6.2.2 before FP15, as used in Security Access Manager for Mobile and other products, allow remote attackers to inject arbitrary web script or HTML via a crafted URL, related to the (1) ERROR_DESCRIPTION and (2) TOKEN:RelayState macros.

Reference

http://www.securityfocus.com/bid/75537
http://www.securitytracker.com/id/1032767
http://www-01.ibm.com/support/docview.wss?uid=swg1IV74198
http://www-01.ibm.com/support/docview.wss?uid=swg1IV74199
http://www-01.ibm.com/support/docview.wss?uid=swg1IV74200
http://www-01.ibm.com/support/docview.wss?uid=swg21959071
