Lucene search

[email protected]CVE-2012-2183

HistorySep 10, 2012 - 5:55 p.m.

CVE-2012-2183

2012-09-1017:55:01

[email protected]

web.nvd.nist.gov

cve-2012-2183

session fixation

ibm maximo asset management

smartcloud control desk

tivoli asset management for it

tivoli service request manager

maximo service desk

change and configuration management database

ccmdb

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.6%

JSON

Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.

Affected configurations

NVD

Node

ibmchange_and_configuration_management_databaseMatch6.0

ibmchange_and_configuration_management_databaseMatch7.0

ibmmaximo_asset_managementMatch6.2.0.0

ibmmaximo_asset_managementMatch7.1.0.0

ibmmaximo_asset_managementMatch7.5.0.0

ibmmaximo_service_deskMatch6.2

ibmsmartcloud_control_deskMatch7.0

ibmtivoli_asset_management_for_itMatch6.0

ibmtivoli_asset_management_for_itMatch6.2

ibmtivoli_asset_management_for_itMatch7.0

ibmtivoli_asset_management_for_itMatch7.1

ibmtivoli_asset_management_for_itMatch7.2

ibmtivoli_service_request_managerMatch7.0

CPENameOperatorVersion
ibm:change_and_configuration_management_databaseibm change and configuration management databaseeq6.0
ibm:change_and_configuration_management_databaseibm change and configuration management databaseeq7.0
ibm:maximo_asset_managementibm maximo asset managementeq6.2.0.0
ibm:maximo_asset_managementibm maximo asset managementeq7.1.0.0
ibm:maximo_asset_managementibm maximo asset managementeq7.5.0.0
ibm:maximo_service_deskibm maximo service deskeq6.2
ibm:smartcloud_control_deskibm smartcloud control deskeq7.0
ibm:tivoli_asset_management_for_itibm tivoli asset management for iteq6.0
ibm:tivoli_asset_management_for_itibm tivoli asset management for iteq6.2
ibm:tivoli_asset_management_for_itibm tivoli asset management for iteq7.0

CPE	Name	Operator	Version
ibm:change_and_configuration_management_database	ibm change and configuration management database	eq	6.0
ibm:change_and_configuration_management_database	ibm change and configuration management database	eq	7.0
ibm:maximo_asset_management	ibm maximo asset management	eq	6.2.0.0
ibm:maximo_asset_management	ibm maximo asset management	eq	7.1.0.0
ibm:maximo_asset_management	ibm maximo asset management	eq	7.5.0.0
ibm:maximo_service_desk	ibm maximo service desk	eq	6.2
ibm:smartcloud_control_desk	ibm smartcloud control desk	eq	7.0
ibm:tivoli_asset_management_for_it	ibm tivoli asset management for it	eq	6.0
ibm:tivoli_asset_management_for_it	ibm tivoli asset management for it	eq	6.2
ibm:tivoli_asset_management_for_it	ibm tivoli asset management for it	eq	7.0

Rows per page:

1-10 of 131

References

osvdb.org/85185

secunia.com/advisories/50551

www-01.ibm.com/support/docview.wss?uid=swg1IV09212

www-01.ibm.com/support/docview.wss?uid=swg21610081

exchange.xforce.ibmcloud.com/vulnerabilities/75776

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.6%

JSON

Related for CVE-2012-2183

nvd1 prion1 cvelist1 ibm1