Lucene search

[email protected]CVE-2004-2558

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2558

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

ibm

tivoli

secureway

policy director

access manager

e-business

identity manager

configuration manager

websphere

everyplace server

nvd

cve-2004-2558

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.2%

JSON

Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller Machines 2.1.0, and IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms 2.1.3 to 2.15 allow remote attackers to hijack sessions of authenticated users via unknown attack vectors involving certain cookies, aka “Potential Credential Impersonation Attack.”

CPENameOperatorVersion
ibm:websphere_everyplace_serveribm websphere everyplace servereq2.1.4
ibm:websphere_everyplace_serveribm websphere everyplace servereq2.1.3
ibm:tivoli_configuration_manageribm tivoli configuration managereq4.2
ibm:tivoli_access_manager_for_e-businessibm tivoli access manager for e-businesseq3.9
ibm:tivoli_access_manager_for_e-businessibm tivoli access manager for e-businesseq5.1
ibm:tivoli_secureway_policy_directoribm tivoli secureway policy directoreq3.8
ibm:tivoli_access_manager_for_e-businessibm tivoli access manager for e-businesseq4.1
ibm:tivoli_configuration_manager_for_atmibm tivoli configuration manager for atmeq2.1
ibm:websphere_everyplace_serveribm websphere everyplace servereq2.1.5
ibm:tivoli_access_manager_identity_manager_solutionibm tivoli access manager identity manager solutioneq5.1

CPE	Name	Operator	Version
ibm:websphere_everyplace_server	ibm websphere everyplace server	eq	2.1.4
ibm:websphere_everyplace_server	ibm websphere everyplace server	eq	2.1.3
ibm:tivoli_configuration_manager	ibm tivoli configuration manager	eq	4.2
ibm:tivoli_access_manager_for_e-business	ibm tivoli access manager for e-business	eq	3.9
ibm:tivoli_access_manager_for_e-business	ibm tivoli access manager for e-business	eq	5.1
ibm:tivoli_secureway_policy_director	ibm tivoli secureway policy director	eq	3.8
ibm:tivoli_access_manager_for_e-business	ibm tivoli access manager for e-business	eq	4.1
ibm:tivoli_configuration_manager_for_atm	ibm tivoli configuration manager for atm	eq	2.1
ibm:websphere_everyplace_server	ibm websphere everyplace server	eq	2.1.5
ibm:tivoli_access_manager_identity_manager_solution	ibm tivoli access manager identity manager solution	eq	5.1

References

secunia.com/advisories/11761

www-1.ibm.com/support/docview.wss?uid=swg21168762

www.securityfocus.com/bid/10449

exchange.xforce.ibmcloud.com/vulnerabilities/16315

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.2%

JSON