PT-2004-3449 · IBM · IBM Access Manager for e-business +5

Published: 2004-12-31 · Updated: 2017-07-11 · CVE-2004-2558

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

IBM Tivoli SecureWay Policy Director version 3.8
IBM Access Manager for e-business versions 3.9 through 5.1
IBM Access Manager Identity Manager Solution version 5.1
IBM Configuration Manager version 4.2
IBM Configuration Manager for Automated Teller Machines version 2.1.0
IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms versions 2.1.3 through 2.15

Description

The issue allows remote attackers to hijack sessions of authenticated users via unknown attack vectors involving certain cookies. This could lead to a potential credential impersonation attack.

Recommendations

For IBM Tivoli SecureWay Policy Director version 3.8, update to a version that addresses the issue.
For IBM Access Manager for e-business versions 3.9 through 5.1, update to a version that addresses the issue.
For IBM Access Manager Identity Manager Solution version 5.1, update to a version that addresses the issue.
For IBM Configuration Manager version 4.2, update to a version that addresses the issue.
For IBM Configuration Manager for Automated Teller Machines version 2.1.0, update to a version that addresses the issue.
For IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms versions 2.1.3 through 2.15, update to a version that addresses the issue.

Related Identifiers

CVE-2004-2558

Affected Products

IBM Access Manager Identity Manager Solution
IBM Access Manager for e-business
Configuration Manager
IBM Configuration Manager for Automated Teller Machines
IBM Tivoli SecureWay Policy Director
IBM WebSphere Everyplace Server