Title: IBM Tivoli Identity Manager Session Fixation Vulnerability
Severity: MODERATE
Description:
IBM Tivoli Identity Manager is a tool for managing user access to IT resources.
The application is prone to a session-fixation vulnerability caused by a design error when handling sessions. Specifically, the issue affects the console and self-service interface.
Attackers can exploit this issue to hijack a user's session and gain unauthorized access to the affected application.
Tivoli Identity Manager 5.0 is affected.
Affected Products:
- IBM Directory Server 6.0
- IBM Tivoli Identity Manager 5.0
References:
- IBM: IBM Tivoli Identity Manager, ver 5.0, Interim Fix 5.0.0.6-TIV-TIM-IF0029
- IBM: Tivoli Identity Manager Homepage