CVE-2004-2558

3 documents3 sources

Severity

7.5HIGH

EPSS

0.8%

top 26.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Access Manager FOR E-business IBM Tivoli Access Manager Identity Manager Solution IBM Tivoli Configuration Manager +3 more

Timeline

PublishedDec 31

Latest updateApr 29

Description

Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller Machines 2.1.0, and IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms 2.1.3 to 2.15 allow remote attackers to hijack sessions of authenticated users via unknown attack vectors involving certain cookies, aka "Potential Credential Impersonation…

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages5 packages

▶NVDibm/tivoli_access_manager_identity_manager_solution5.1

▶NVDibm/tivoli_access_manager3.9, 4.1, 5.1+2

▶NVDibm/tivoli_configuration_manager4.2, 2.1+1

▶NVDibm/tivoli_secureway_policy_director3.8

▶NVDibm/websphere_everyplace_server2.1.3, 2.1.4, 2.1.5+2

Patches

Patch: www-1.ibm.com ↗Patch: www.securityfocus.com ↗Patch: www-1.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-h7h5-28w5-gr84: Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3↗2022-04-29

▶

CVEList

CVE-2004-2558: Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3↗2005-11-21

▶