Lucene search

[email protected]CVE-2012-3333

HistoryMay 26, 2014 - 11:14 a.m.

CVE-2012-3333

2014-05-2611:14:51

[email protected]

web.nvd.nist.gov

cve-2012-3333

crlf injection

ibm maximo

asset management

http headers

http response splitting

remote attackers

vulnerability

6.9 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

56.5%

JSON

CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL.

Affected configurations

NVD

Node

ibmsmartcloud_control_deskMatch7.0

ibmsmartcloud_control_deskMatch7.5

ibmsmartcloud_control_deskMatch7.5.0.0

ibmsmartcloud_control_deskMatch7.5.0.1

ibmsmartcloud_control_deskMatch7.5.0.2

ibmsmartcloud_control_deskMatch7.5.1.0

ibmsmartcloud_control_deskMatch7.5.1.1

Node

ibmmaximo_asset_managementMatch7.1

ibmmaximo_asset_managementMatch7.1.1

ibmmaximo_asset_managementMatch7.1.1.1

ibmmaximo_asset_managementMatch7.1.1.2

ibmmaximo_asset_managementMatch7.1.1.5

ibmmaximo_asset_managementMatch7.1.1.6

ibmmaximo_asset_managementMatch7.1.1.7

ibmmaximo_asset_managementMatch7.1.1.8

ibmmaximo_asset_managementMatch7.1.1.9

ibmmaximo_asset_managementMatch7.1.1.10

ibmmaximo_asset_managementMatch7.1.1.11

ibmmaximo_asset_managementMatch7.1.1.12

ibmmaximo_asset_managementMatch7.1.2

ibmmaximo_asset_managementMatch7.5.0.0

ibmmaximo_asset_managementMatch7.5.0.1

ibmmaximo_asset_managementMatch7.5.0.2

ibmmaximo_asset_managementMatch7.5.0.3

ibmmaximo_asset_managementMatch7.5.0.4

ibmmaximo_asset_managementMatch7.5.0.5

CPENameOperatorVersion
ibm:smartcloud_control_deskibm smartcloud control deskeq7.0
ibm:smartcloud_control_deskibm smartcloud control deskeq7.5
ibm:smartcloud_control_deskibm smartcloud control deskeq7.5.0.0
ibm:smartcloud_control_deskibm smartcloud control deskeq7.5.0.1
ibm:smartcloud_control_deskibm smartcloud control deskeq7.5.0.2
ibm:smartcloud_control_deskibm smartcloud control deskeq7.5.1.0
ibm:smartcloud_control_deskibm smartcloud control deskeq7.5.1.1

CPE	Name	Operator	Version
ibm:smartcloud_control_desk	ibm smartcloud control desk	eq	7.0
ibm:smartcloud_control_desk	ibm smartcloud control desk	eq	7.5
ibm:smartcloud_control_desk	ibm smartcloud control desk	eq	7.5.0.0
ibm:smartcloud_control_desk	ibm smartcloud control desk	eq	7.5.0.1
ibm:smartcloud_control_desk	ibm smartcloud control desk	eq	7.5.0.2
ibm:smartcloud_control_desk	ibm smartcloud control desk	eq	7.5.1.0
ibm:smartcloud_control_desk	ibm smartcloud control desk	eq	7.5.1.1