CVE-2010-4120

Published: Oct 28, 2010Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/.

Affected (2)

Products: Ibm: Tivoli Access Manager For E Business

1 product

Tivoli Access Manager For E Business

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Tivoli Access Manager For E Business	Version 6.1.0
Ibm Tivoli Access Manager For E Business	Version 6.1.1

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (34)

http://osvdb.org/68884

Source: cve@mitre.org

http://osvdb.org/68885

Source: cve@mitre.org

http://osvdb.org/68886

Source: cve@mitre.org

http://osvdb.org/68887

Source: cve@mitre.org

http://osvdb.org/68888

Source: cve@mitre.org

http://osvdb.org/68889

Source: cve@mitre.org

http://osvdb.org/68890

Source: cve@mitre.org

http://osvdb.org/68891

Source: cve@mitre.org

http://osvdb.org/68892

Source: cve@mitre.org

http://osvdb.org/68893

Source: cve@mitre.org

http://osvdb.org/68894

Source: cve@mitre.org

http://secunia.com/advisories/41974

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1024633

Source: cve@mitre.org

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ84918

Source: cve@mitre.org

ExploitVendor Advisory

http://www.securityfocus.com/bid/44382

Source: cve@mitre.org

Exploit

http://www.vupen.com/english/advisories/2010/2774

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/62750

Source: cve@mitre.org

http://osvdb.org/68884

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/68885

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/68886

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/68887

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/68888

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/68889

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/68890

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/68891

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/68892

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/68893

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/68894

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/41974

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1024633

Source: af854a3a-2127-422b-91ae-364da2661108

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ84918

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://www.securityfocus.com/bid/44382

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.vupen.com/english/advisories/2010/2774

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/62750

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.