CVE Vulnerabilities

CVE-2004-2558

Published: Dec 31, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller Machines 2.1.0, and IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms 2.1.3 to 2.15 allow remote attackers to hijack sessions of authenticated users via unknown attack vectors involving certain cookies, aka Potential Credential Impersonation Attack.

Affected Software

Name Vendor Start Version End Version
Tivoli_access_manager_for_e-business Ibm 3.9 3.9
Tivoli_access_manager_for_e-business Ibm 4.1 4.1
Tivoli_access_manager_for_e-business Ibm 5.1 5.1
Tivoli_access_manager_identity_manager_solution Ibm 5.1 5.1
Tivoli_configuration_manager Ibm 4.2 4.2
Tivoli_configuration_manager_for_atm Ibm 2.1 2.1
Tivoli_secureway_policy_director Ibm 3.8 3.8
Websphere_everyplace_server Ibm 2.1.3 2.1.3
Websphere_everyplace_server Ibm 2.1.4 2.1.4
Websphere_everyplace_server Ibm 2.1.5 2.1.5

References