CVE-2004-2558
First published: Fri Dec 31 2004(Updated: )
Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller Machines 2.1.0, and IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms 2.1.3 to 2.15 allow remote attackers to hijack sessions of authenticated users via unknown attack vectors involving certain cookies, aka "Potential Credential Impersonation Attack."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Tivoli Access Manager for e-business | =3.9 | |
| IBM Tivoli Access Manager for e-business | =4.1 | |
| IBM Tivoli Access Manager for e-business | =5.1 | |
| IBM Tivoli Access Manager Identity Manager Solution | =5.1 | |
| IBM Tivoli Configuration Manager for ATM | =4.2 | |
| IBM Tivoli Configuration Manager for ATM | =2.1 | |
| IBM Tivoli SecureWay Policy Director | =3.8 | |
| IBM WebSphere Everyplace Server | =2.1.3 | |
| IBM WebSphere Everyplace Server | =2.1.4 | |
| IBM WebSphere Everyplace Server | =2.1.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-2558?
CVE-2004-2558 is classified as a moderate severity vulnerability.
How do I fix CVE-2004-2558?
To fix CVE-2004-2558, upgrade the affected software to the latest patched version provided by IBM.
Which software is affected by CVE-2004-2558?
CVE-2004-2558 affects IBM Tivoli SecureWay Policy Director, IBM Tivoli Access Manager for e-business, IBM WebSphere Everyplace Server, and other IBM products listed in the CVE.
Is CVE-2004-2558 exploitable remotely?
Yes, CVE-2004-2558 can potentially be exploited remotely, impacting the security of the affected systems.
When was CVE-2004-2558 disclosed?
CVE-2004-2558 was disclosed on December 20, 2004.
- agent/references
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/ibm
- canonical/ibm tivoli access manager for e-business
- version/ibm tivoli access manager for e-business/3.9
- version/ibm tivoli access manager for e-business/4.1
- version/ibm tivoli access manager for e-business/5.1
- canonical/ibm tivoli access manager identity manager solution
- version/ibm tivoli access manager identity manager solution/5.1
- canonical/ibm tivoli configuration manager for atm
- version/ibm tivoli configuration manager for atm/4.2
- version/ibm tivoli configuration manager for atm/2.1
- canonical/ibm tivoli secureway policy director
- version/ibm tivoli secureway policy director/3.8
- canonical/ibm websphere everyplace server
- version/ibm websphere everyplace server/2.1.3
- version/ibm websphere everyplace server/2.1.4
- version/ibm websphere everyplace server/2.1.5