CVE-2010-4120 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Tivoli Access Manager For E-business

Configuration 1 [-]

OR	cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0:::::::*
	cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1:::::::*

No data.

References

Link	Providers
http://osvdb.org/68884
http://osvdb.org/68885
http://osvdb.org/68886
http://osvdb.org/68887
http://osvdb.org/68888
http://osvdb.org/68889
http://osvdb.org/68890
http://osvdb.org/68891
http://osvdb.org/68892
http://osvdb.org/68893
http://osvdb.org/68894
http://secunia.com/advisories/41974
http://securitytracker.com/id?1024633
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ84918
http://www.securityfocus.com/bid/44382
http://www.vupen.com/english/advisories/2010/2774
https://exchange.xforce.ibmcloud.com/vulnerabilities/62750

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-10-28T20:00:00

Updated: 2024-08-07T03:34:37.796Z

Reserved: 2010-10-28T00:00:00

Link: CVE-2010-4120

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-10-28T21:00:01.887

Modified: 2024-11-21T01:20:17.170

Link: CVE-2010-4120

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-10-22T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "68892", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/68892"}, {"name": "68891", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/68891"}, {"name": "68885", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/68885"}, {"name": "ADV-2010-2774", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2774"}, {"name": "IZ84918", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ84918"}, {"name": "68890", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/68890"}, {"name": "68884", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/68884"}, {"name": "68893", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/68893"}, {"name": "tivoli-ebusiness-parm1-xss(62750)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62750"}, {"name": "44382", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/44382"}, {"name": "68886", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/68886"}, {"name": "1024633", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1024633"}, {"name": "68889", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/68889"}, {"name": "68888", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/68888"}, {"name": "68894", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/68894"}, {"name": "68887", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/68887"}, {"name": "41974", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/41974"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4120", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "68892", "refsource": "OSVDB", "url": "http://osvdb.org/68892"}, {"name": "68891", "refsource": "OSVDB", "url": "http://osvdb.org/68891"}, {"name": "68885", "refsource": "OSVDB", "url": "http://osvdb.org/68885"}, {"name": "ADV-2010-2774", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2774"}, {"name": "IZ84918", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ84918"}, {"name": "68890", "refsource": "OSVDB", "url": "http://osvdb.org/68890"}, {"name": "68884", "refsource": "OSVDB", "url": "http://osvdb.org/68884"}, {"name": "68893", "refsource": "OSVDB", "url": "http://osvdb.org/68893"}, {"name": "tivoli-ebusiness-parm1-xss(62750)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62750"}, {"name": "44382", "refsource": "BID", "url": "http://www.securityfocus.com/bid/44382"}, {"name": "68886", "refsource": "OSVDB", "url": "http://osvdb.org/68886"}, {"name": "1024633", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1024633"}, {"name": "68889", "refsource": "OSVDB", "url": "http://osvdb.org/68889"}, {"name": "68888", "refsource": "OSVDB", "url": "http://osvdb.org/68888"}, {"name": "68894", "refsource": "OSVDB", "url": "http://osvdb.org/68894"}, {"name": "68887", "refsource": "OSVDB", "url": "http://osvdb.org/68887"}, {"name": "41974", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41974"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:34:37.796Z"}, "title": "CVE Program Container", "references": [{"name": "68892", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/68892"}, {"name": "68891", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/68891"}, {"name": "68885", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/68885"}, {"name": "ADV-2010-2774", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/2774"}, {"name": "IZ84918", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ84918"}, {"name": "68890", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/68890"}, {"name": "68884", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/68884"}, {"name": "68893", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/68893"}, {"name": "tivoli-ebusiness-parm1-xss(62750)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62750"}, {"name": "44382", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/44382"}, {"name": "68886", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/68886"}, {"name": "1024633", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1024633"}, {"name": "68889", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/68889"}, {"name": "68888", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/68888"}, {"name": "68894", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/68894"}, {"name": "68887", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/68887"}, {"name": "41974", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/41974"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4120", "datePublished": "2010-10-28T20:00:00", "dateReserved": "2010-10-28T00:00:00", "dateUpdated": "2024-08-07T03:34:37.796Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7CAE25B3-55F6-4D93-9110-26323F5D6CF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8FDBFAE1-351E-4E9F-877E-E9BBB50FCFF8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en la cosola TAM de IBM Tivoli Access Manager para e-business v6.1.0 anterior a v6.1.0-TIV-TAM-FP0006 permite a los atacantes remotos inyectar c\u00f3digo web o HTML a trav\u00e9s de (1) el par\u00e1metro parm1 de ivt/ivtserver, o el par\u00e1metro method de (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, o (11) webseal en ibm/wpm/."}], "evaluatorSolution": "Per: http://www-01.ibm.com/support/docview.wss?uid=swg1IZ84918\r\n\r\n'The fix for this APAR is expected to be contained in the following maintenance delivery vehicle: fix pack | 6.1.0-TIV-TAM-FP0006'\r\n", "id": "CVE-2010-4120", "lastModified": "2024-11-21T01:20:17.170", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-10-28T21:00:01.887", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/68884"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/68885"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/68886"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/68887"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/68888"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/68889"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/68890"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/68891"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/68892"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/68893"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/68894"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/41974"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1024633"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ84918"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/44382"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2774"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62750"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/68884"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/68885"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/68886"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/68887"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/68888"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/68889"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/68890"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/68891"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/68892"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/68893"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/68894"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/41974"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1024633"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ84918"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/44382"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2774"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62750"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}