CVE-2009-2583

Published: Jul 23, 2009Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple session fixation vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0.0.6 allow remote attackers to hijack web sessions via unspecified vectors involving the (1) console and (2) self service interfaces.

Affected (1)

Products: Ibm: Tivoli Identity Manager

Ibm

1 product

Tivoli Identity Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Tivoli Identity Manager	Version 5.0.0.6

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (12)

http://secunia.com/advisories/35931

Source: cve@mitre.org

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55659

Source: cve@mitre.org

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg24023826

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/35779

Source: cve@mitre.org

Patch

http://www.securitytracker.com/id?1022597

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/1990

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/35931