CVE-2009-3262

{"id": "CVE-2009-3262", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-09-18T21:30:01.063", "references": [{"url": "http://secunia.com/advisories/36511", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1022837", "source": "cve@mitre.org"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54747", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Self Service UI (SSUI) en IBM Tivoli Identity Manager (ITIM) v5.0.0.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de forma arbitraria a trav\u00e9s de el campo \"last name\" en un perfil."}], "lastModified": "2009-09-21T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.0.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4908A93-BA67-4031-8794-F6A87A3A072C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "Per http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54747\r\n\r\n A fix is available\r\n\r\nIBM Tivoli Identity Manager, ver 5.0, Interim Fix 5.0.0.6-TIV-TIM-IF0031"}