Session Hijacking Vulnerability in IBM Tivoli SecureWay and WebSphere Products
CVE-2004-2558

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Everyplace Server; Tivoli Configuration Manager; Tivoli Access Manager For E-business; Tivoli Secureway Policy Director
Vendor: CVE Published:; 31 December 2004

Summary

This vulnerability in various IBM Tivoli and WebSphere products allows attackers to hijack authenticated user sessions by exploiting weaknesses in cookie handling. Attackers can leverage unknown methods to manipulate cookies, enabling them to gain unauthorized access to user sessions, potentially leading to credential impersonation and data breaches.

References

http://www.securityfocus.com/bid/10449

vdb-entryx_refsource_BID

http://www-1.ibm.com/support/docview.wss?uid=swg21168762

x_refsource_CONFIRM

http://secunia.com/advisories/11761

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability Reserved
Nov 21, 2005
Vulnerability published
Dec 31, 2004