Lucene search
HistoryOct 03, 2022 - 4:15 p.m.
CVE-2012-2959
cve-2012-2959
cross-site request forgery
csrf
bmc identity management suite
authentication hijacking
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
7.3 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
41.1%
Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote attackers to hijack the authentication of administrators for requests that change passwords.
Affected configurations
Node
bmcidentity_management_suiteMatch7.5.00.103
| CPE | Name | Operator | Version |
|---|---|---|---|
| bmc:identity_management_suite | bmc identity management suite | eq | 7.5.00.103 |
References
Related
cert
cert
BMC Identity Management Suite cross-site request forgery vulnerability
2012-06-11 00:00:00
prion
prion
Cross site request forgery (csrf)
2012-06-11 23:55:00
cvelist
cvelist
CVE-2012-2959
2022-10-03 16:15:35
nvd
nvd
CVE-2012-2959
2012-06-11 23:55:01
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
7.3 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
41.1%
Related for CVE-2012-2959