Vulnerabilities > CVE-2004-2558 - Product Unspecified Credential Impersonation vulnerability in IBM

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

ibm

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller Machines 2.1.0, and IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms 2.1.3 to 2.15 allow remote attackers to hijack sessions of authenticated users via unknown attack vectors involving certain cookies, aka "Potential Credential Impersonation Attack."

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Tivoli Access Manager FOR E Business 3.9 IBM Tivoli Access Manager FOR E Business 4.1 IBM Tivoli Access Manager FOR E Business 5.1 IBM Tivoli Access Manager Identity Manager Solution 5.1 IBM Tivoli Configuration Manager 4.2 IBM Tivoli Configuration Manager FOR ATM 2.1 IBM Tivoli Secureway Policy Director 3.8 IBM Websphere Everyplace Server 2.1.3 IBM Websphere Everyplace Server 2.1.4 IBM Websphere Everyplace Server 2.1.5	10

Summary

Vulnerable Configurations

References