PT-2009-4983 · Ibm · Ibm Tivoli Identity Manager

Published

2009-07-23

Updated

2009-08-04

CVE-2009-2583

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions IBM Tivoli Identity Manager version 5.0.0.6

Description The issue involves multiple session fixation vulnerabilities that can be exploited by remote attackers to hijack web sessions. This is achieved through unspecified vectors involving the console and self-service interfaces.

Recommendations For IBM Tivoli Identity Manager version 5.0.0.6, consider restricting access to the console and self-service interfaces until a fix is available. As a temporary workaround, disabling the affected interfaces may help minimize the risk of session hijacking. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2009-2583

Affected Products

Ibm Tivoli Identity Manager

PT-2009-4983 · Ibm · Ibm Tivoli Identity Manager

CVE-2009-2583

Weakness Enumeration

Related Identifiers

Affected Products

References · 7