CVE-2013-5429
IBM Tivoli Federated Identity Manager <6.2.2 - Info Disclosure
Title source: llmDescription
The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token.
References (4)
Scores
EPSS
0.0018
EPSS Percentile
39.4%
Classification
CWE
CWE-287
Status
draft
Affected Products (9)
ibm/tivoli_federated_identity_manager
ibm/tivoli_federated_identity_manager
ibm/tivoli_federated_identity_manager
ibm/tivoli_federated_identity_manager
ibm/tivoli_federated_identity_manager
ibm/tivoli_federated_identity_manager
ibm/tivoli_federated_identity_manager
ibm/tivoli_federated_identity_manager
ibm/tivoli_federated_identity_manager
Timeline
Published
Jan 21, 2014
Tracked Since
Feb 18, 2026