CVE-2009-2583

IBM Tivoli Identity Manager <5.0.0.6 - Session Fixation

Title source: llm
STIX 2.1

Description

Multiple session fixation vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0.0.6 allow remote attackers to hijack web sessions via unspecified vectors involving the (1) console and (2) self service interfaces.

References (6)

Core 6
Core References
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35779
Vendor Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ55659
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35931
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1990
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022597
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg24023826

Scores

EPSS 0.0138
EPSS Percentile 68.9%

Details

CWE
CWE-20
Status published
Products (1)
ibm/tivoli_identity_manager 5.0.0.6
Published Jul 23, 2009
Tracked Since Feb 18, 2026