6.8

CVE-2009-2583

Multiple session fixation vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0.0.6 allow remote attackers to hijack web sessions via unspecified vectors involving the (1) console and (2) self service interfaces.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmTivoli Identity Manager Version5.0.0.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.38% 0.685
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/35931
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55659
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg24023826
Patch
Vendor Advisory
http://www.securityfocus.com/bid/35779
Patch
http://www.securitytracker.com/id?1022597
http://www.vupen.com/english/advisories/2009/1990
Patch
Vendor Advisory