Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2558

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-2558
Last Modified 05 Sep 2008 04:44:28
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2558

Summary

Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller Machines 2.1.0, and IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms 2.1.3 to 2.15 allow remote attackers to hijack sessions of authenticated users via unknown attack vectors involving certain cookies, aka "Potential Credential Impersonation Attack."

Vulnerable Systems

Application

  • Ibm Tivoli Access Manager For E-business 3.9

  • Ibm Tivoli Access Manager For E-business 4.1

  • Ibm Tivoli Access Manager For E-business 5.1

  • Ibm Tivoli Access Manager Identity Manager Solution 5.1

  • Ibm Tivoli Configuration Manager 4.2

  • Ibm Tivoli Configuration Manager For Atm 2.1

  • Ibm Tivoli Secureway Policy Director 3.8

  • Ibm Websphere Everyplace Server 2.1.3

  • Ibm Websphere Everyplace Server 2.1.4

  • Ibm Websphere Everyplace Server 2.1.5


References

BID - 10449

CONFIRM - http://www-1.ibm.com/support/docview.wss?uid=swg21168762

XF - ibm-cookie-session-hijack(16315)

SECUNIA - 11761


Last Updated: 27 May 2016 10:39:32