CVE-2013-5429Improper Authentication in IBM Tivoli Federated Identity Manager

CWE-287Improper Authentication3 documents3 sources
Severity
2.1LOWNVD
EPSS
0.2%
top 60.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Tivoli Federated Identity Manager
Timeline
PublishedJan 21
Latest updateMay 17

Description

The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-36q6-fpx2-25qj: The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 62022-05-17
CVEList
CVE-2013-5429: The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 62014-01-21
CVE-2013-5429 — Improper Authentication in IBM | cvebase