[email protected]CVE-2012-0714

HistorySep 10, 2012 - 5:55 p.m.

CVE-2012-0714

2012-09-1017:55:00

CWE-352

[email protected]

web.nvd.nist.gov

ibm

maximo asset management

csrf

vulnerability

nvd

security

smartcloud control desk

tivoli asset management

service request manager

service desk

ccmdb

7.2 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.3%

JSON

Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CPENameOperatorVersion
ibm:tivoli_asset_management_for_itibm tivoli asset management for iteq7.0
ibm:maximo_asset_managementibm maximo asset managementeq6.2.0.0
ibm:smartcloud_control_deskibm smartcloud control deskeq7.0
ibm:tivoli_asset_management_for_itibm tivoli asset management for iteq7.2
ibm:change_and_configuration_management_databaseibm change and configuration management databaseeq7.0
ibm:tivoli_asset_management_for_itibm tivoli asset management for iteq7.1
ibm:change_and_configuration_management_databaseibm change and configuration management databaseeq6.0
ibm:maximo_asset_managementibm maximo asset managementeq7.5.0.0
ibm:maximo_asset_managementibm maximo asset managementeq7.1.0.0
ibm:tivoli_asset_management_for_itibm tivoli asset management for iteq6.2

CPE	Name	Operator	Version
ibm:tivoli_asset_management_for_it	ibm tivoli asset management for it	eq	7.0
ibm:maximo_asset_management	ibm maximo asset management	eq	6.2.0.0
ibm:smartcloud_control_desk	ibm smartcloud control desk	eq	7.0
ibm:tivoli_asset_management_for_it	ibm tivoli asset management for it	eq	7.2
ibm:change_and_configuration_management_database	ibm change and configuration management database	eq	7.0
ibm:tivoli_asset_management_for_it	ibm tivoli asset management for it	eq	7.1
ibm:change_and_configuration_management_database	ibm change and configuration management database	eq	6.0
ibm:maximo_asset_management	ibm maximo asset management	eq	7.5.0.0
ibm:maximo_asset_management	ibm maximo asset management	eq	7.1.0.0
ibm:tivoli_asset_management_for_it	ibm tivoli asset management for it	eq	6.2

Rows per page:

1-10 of 131

References

osvdb.org/85179

secunia.com/advisories/50551

www-01.ibm.com/support/docview.wss?uid=swg1IV16085

www-01.ibm.com/support/docview.wss?uid=swg1IV16497

www-01.ibm.com/support/docview.wss?uid=swg21610081

exchange.xforce.ibmcloud.com/vulnerabilities/73534

7.2 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.3%

JSON

Related for CVE-2012-0714

prion1 cvelist1 ibm1