CVE-2009-2583

Multiple session fixation vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0.0.6 allow remote attackers to hijack web sessions via unspecified vectors involving the (1) console and (2) self service interfaces.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/35931	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55659	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg24023826	Patch Vendor Advisory
http://www.securityfocus.com/bid/35779	Patch
http://www.securitytracker.com/id?1022597
http://www.vupen.com/english/advisories/2009/1990	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:tivoli_identity_manager:5.0.0.6:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-07-23 20:30

Updated : 2023-12-10 10:51

NVD link : CVE-2009-2583

Mitre link : CVE-2009-2583

CVE.ORG link : CVE-2009-2583

JSON object : View

Products Affected

ibm

tivoli_identity_manager

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2009-2583", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": true}]}, "published": "2009-07-23T20:30:00.280", "references": [{"url": "http://secunia.com/advisories/35931", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55659", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24023826", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/35779", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1022597", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/1990", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Multiple session fixation vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0.0.6 allow remote attackers to hijack web sessions via unspecified vectors involving the (1) console and (2) self service interfaces."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de fijaci\u00f3n de sesi\u00f3n en IBM Tivoli Identity Manager (ITIM) v5.0.0.6 permite a atacantes remotos secuestrar sesiones web mediante vectores no definidos relacionados con (1)la consola y (2) la interfaz de servicio."}], "lastModified": "2009-08-04T05:25:44.563", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_identity_manager:5.0.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95053FE3-56DD-44A8-A2F7-CEC2CFF9D927"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}