NVD

Id
40727  
Name
CVE-2013-5429  
Description
The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token.  
Reject
 
CVSS Version
2  
CVSS Score
2.1  
Severity
Low  
CVSS Base Score
2.1  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:N/AC:H/Au:S/C:N/I:P/A:N)  
Pub Date
2017-01-18  
Published
2014-01-20  
Modified Date
2014-01-22  
Seq
2013-5429  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
206100 40727 CVE-2013-5429 IV52624  View
206101 40727 CVE-2013-5429 http://www-01.ibm.com/support/docview.wss?uid=swg21660509  View
206102 40727 CVE-2013-5429 http://www-01.ibm.com/support/docview.wss?uid=swg21660510  View
206103 40727 CVE-2013-5429 ibm-tivoli-cve20135429-sec-bypass(87561)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
24293 JVNDB-2013-005868 IBM Tivoli Federated Identity Manager および Tivoli Federated Identity Manager Business Gateway におけるトランザクションを完了される脆弱性 IBM Tivoli Federated Identity Manager (TFIM) および Tivoli Federated Identity Manager Business Gateway (TFIMBG) の Risk Based Access 機能は、ワンタイムパスワード (OTP) トークンの再利用を適切に制限しないため、トランザクションを完了される脆弱性が存在します。 CVE-2013-5429 65371 CVE-2013-5429 40727 2.1 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-005868.html 2013-12-31 2014-01-23 View