Lucene search

[email protected]CVE-2004-2558

HistoryNov 21, 2005 - 11:00 a.m.

CVE-2004-2558

2005-11-2111:00:00

[email protected]

web.nvd.nist.gov

ibm

tivoli

secureway

policy director

access manager

e-business

identity manager

configuration manager

websphere

everyplace server

nvd

cve-2004-2558

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.4%

JSON

Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller Machines 2.1.0, and IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms 2.1.3 to 2.15 allow remote attackers to hijack sessions of authenticated users via unknown attack vectors involving certain cookies, aka “Potential Credential Impersonation Attack.”

Affected configurations

NVD

Node

ibmtivoli_access_manager_for_e-businessMatch3.9

ibmtivoli_access_manager_for_e-businessMatch4.1

ibmtivoli_access_manager_for_e-businessMatch5.1

ibmtivoli_access_manager_identity_manager_solutionMatch5.1

ibmtivoli_configuration_managerMatch4.2

ibmtivoli_configuration_manager_for_atmMatch2.1

ibmtivoli_secureway_policy_directorMatch3.8

ibmwebsphere_everyplace_serverMatch2.1.3

ibmwebsphere_everyplace_serverMatch2.1.4

ibmwebsphere_everyplace_serverMatch2.1.5

CPENameOperatorVersion
ibm:tivoli_access_manager_for_e-businessibm tivoli access manager for e-businesseq3.9
ibm:tivoli_access_manager_for_e-businessibm tivoli access manager for e-businesseq4.1
ibm:tivoli_access_manager_for_e-businessibm tivoli access manager for e-businesseq5.1
ibm:tivoli_access_manager_identity_manager_solutionibm tivoli access manager identity manager solutioneq5.1
ibm:tivoli_configuration_manageribm tivoli configuration managereq4.2
ibm:tivoli_configuration_manager_for_atmibm tivoli configuration manager for atmeq2.1
ibm:tivoli_secureway_policy_directoribm tivoli secureway policy directoreq3.8
ibm:websphere_everyplace_serveribm websphere everyplace servereq2.1.3
ibm:websphere_everyplace_serveribm websphere everyplace servereq2.1.4
ibm:websphere_everyplace_serveribm websphere everyplace servereq2.1.5

CPE	Name	Operator	Version
ibm:tivoli_access_manager_for_e-business	ibm tivoli access manager for e-business	eq	3.9
ibm:tivoli_access_manager_for_e-business	ibm tivoli access manager for e-business	eq	4.1
ibm:tivoli_access_manager_for_e-business	ibm tivoli access manager for e-business	eq	5.1
ibm:tivoli_access_manager_identity_manager_solution	ibm tivoli access manager identity manager solution	eq	5.1
ibm:tivoli_configuration_manager	ibm tivoli configuration manager	eq	4.2
ibm:tivoli_configuration_manager_for_atm	ibm tivoli configuration manager for atm	eq	2.1
ibm:tivoli_secureway_policy_director	ibm tivoli secureway policy director	eq	3.8
ibm:websphere_everyplace_server	ibm websphere everyplace server	eq	2.1.3
ibm:websphere_everyplace_server	ibm websphere everyplace server	eq	2.1.4
ibm:websphere_everyplace_server	ibm websphere everyplace server	eq	2.1.5

References

secunia.com/advisories/11761

www-1.ibm.com/support/docview.wss?uid=swg21168762

www.securityfocus.com/bid/10449

exchange.xforce.ibmcloud.com/vulnerabilities/16315

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.4%

JSON

Related for CVE-2004-2558

nvd1 cvelist1