CVE-2013-5429

Published Jan 21, 2014

Last updated 7 years ago

CVSS info 2.1

Overview

Description: The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token.
Source: psirt@us.ibm.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:N/AC:H/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93F48368-9617-4EE6-BF7A-6873229C0D66"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67236A38-CD11-4C4C-BB68-EF7D0FBEBFA5"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC99FA25-B699-49B9-8379-C53CA6893F59"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B34BD77-F6D6-43C9-9441-54F7B4932B34"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFB51985-2D33-492D-96B5-0241B497FA1A"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A11F6B0B-F1D0-482E-A8DC-4861C38309C7"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "867F878F-C18A-444C-A39B-FE0BA6558AD9"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C87711B-A780-4896-B45A-3EC123CD1660"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA2DBD22-0427-46E9-893A-13F00E49E516"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References