CVE-2004-2558 - OpenCVE

Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller Machines 2.1.0, and IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms 2.1.3 to 2.15 allow remote attackers to hijack sessions of authenticated users via unknown attack vectors involving certain cookies, aka "Potential Credential Impersonation Attack."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Tivoli Access Manager For E-business Tivoli Access Manager Identity Manager Solution Websphere Everyplace Server Tivoli Configuration Manager For Atm Tivoli Configuration Manager Tivoli Secureway Policy Director

Configuration 1 [-]

OR	cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:3.9:::::::*
	cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:4.1:::::::*
	cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:5.1:::::::*
	cpe:2.3:a:ibm:tivoli_access_manager_identity_manager_solution:5.1:::::::*
	cpe:2.3:a:ibm:tivoli_configuration_manager:4.2:::::::*
	cpe:2.3:a:ibm:tivoli_configuration_manager_for_atm:2.1:::::::*
	cpe:2.3:a:ibm:tivoli_secureway_policy_director:3.8:::::::*
	cpe:2.3:a:ibm:websphere_everyplace_server:2.1.3:::::::*
	cpe:2.3:a:ibm:websphere_everyplace_server:2.1.4:::::::*
	cpe:2.3:a:ibm:websphere_everyplace_server:2.1.5:::::::*

References

Link	Resource
http://secunia.com/advisories/11761	Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21168762	Patch Vendor Advisory
http://www.securityfocus.com/bid/10449	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/16315

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-11-21T11:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2005-11-21T00:00:00

Link: CVE-2004-2558

JSON object: View

NVD Information

Status : Modified

Published: 2004-12-31T05:00:00.000

Modified: 2017-07-11T01:32:00.593

Link: CVE-2004-2558

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-05-12T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller Machines 2.1.0, and IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms 2.1.3 to 2.15 allow remote attackers to hijack sessions of authenticated users via unknown attack vectors involving certain cookies, aka \"Potential Credential Impersonation Attack.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "10449", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/10449"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21168762"}, {"name": "11761", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/11761"}, {"name": "ibm-cookie-session-hijack(16315)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16315"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2558", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller Machines 2.1.0, and IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms 2.1.3 to 2.15 allow remote attackers to hijack sessions of authenticated users via unknown attack vectors involving certain cookies, aka \"Potential Credential Impersonation Attack.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "10449", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10449"}, {"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21168762", "refsource": "CONFIRM", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21168762"}, {"name": "11761", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11761"}, {"name": "ibm-cookie-session-hijack(16315)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16315"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2558", "datePublished": "2005-11-21T11:00:00", "dateReserved": "2005-11-21T00:00:00", "dateUpdated": "2017-07-10T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:3.9:*:*:*:*:*:*:*", "matchCriteriaId": "B7681DCD-F704-4D87-B464-4BF43910CAEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D24097DF-065B-49C3-AC07-8358C0E462A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7319E4CB-5F62-4584-AD9A-3031F6B602B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_access_manager_identity_manager_solution:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF5FC716-66E9-41CF-BB0C-2E68C4FC14DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_configuration_manager:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "193DDA4D-BC65-4F30-8333-01DACDEF9213", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_configuration_manager_for_atm:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "332D58A2-602A-4448-A508-AB7DC2E524F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_secureway_policy_director:3.8:*:*:*:*:*:*:*", "matchCriteriaId": "A8A0D65D-4DF7-4A95-81A9-8B97AA44A2D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_everyplace_server:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "23A16347-2CC0-4104-8396-BDB83FBD83EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_everyplace_server:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "96130CA9-CD7D-401A-81D0-CAFC9D5BCF98", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_everyplace_server:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "521C7EC4-D410-41F2-A455-F4165B569B49", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller Machines 2.1.0, and IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms 2.1.3 to 2.15 allow remote attackers to hijack sessions of authenticated users via unknown attack vectors involving certain cookies, aka \"Potential Credential Impersonation Attack.\""}], "id": "CVE-2004-2558", "lastModified": "2017-07-11T01:32:00.593", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/11761"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21168762"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/10449"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16315"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}