Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller Machines 2.1.0, and IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms 2.1.3 to 2.15 allow remote attackers to hijack sessions of authenticated users via unknown attack vectors involving certain cookies, aka Potential Credential Impersonation Attack.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tivoli_access_manager_for_e-business | Ibm | 3.9 (including) | 3.9 (including) |
| Tivoli_access_manager_for_e-business | Ibm | 4.1 (including) | 4.1 (including) |
| Tivoli_access_manager_for_e-business | Ibm | 5.1 (including) | 5.1 (including) |
| Tivoli_access_manager_identity_manager_solution | Ibm | 5.1 (including) | 5.1 (including) |
| Tivoli_configuration_manager | Ibm | 4.2 (including) | 4.2 (including) |
| Tivoli_configuration_manager_for_atm | Ibm | 2.1 (including) | 2.1 (including) |
| Tivoli_secureway_policy_director | Ibm | 3.8 (including) | 3.8 (including) |
| Websphere_everyplace_server | Ibm | 2.1.3 (including) | 2.1.3 (including) |
| Websphere_everyplace_server | Ibm | 2.1.4 (including) | 2.1.4 (including) |
| Websphere_everyplace_server | Ibm | 2.1.5 (including) | 2.1.5 (including) |
References
- http://secunia.com/advisories/11761
- http://www-1.ibm.com/support/docview.wss?uid=swg21168762
- http://www.securityfocus.com/bid/10449
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16315
- http://secunia.com/advisories/11761
- http://www-1.ibm.com/support/docview.wss?uid=swg21168762
- http://www.securityfocus.com/bid/10449
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16315