Lucene search

[email protected]CVE-2012-6357

HistoryFeb 20, 2013 - 12:09 p.m.

CVE-2012-6357

2013-02-2012:09:22

CWE-264

[email protected]

web.nvd.nist.gov

ibm

maximo

asset management

smartcloud control desk

cve-2012-6357

nvd

security

privileges

bypass

6.6 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.5%

JSON

IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors.

Affected configurations

NVD

Node

ibmmaximo_asset_managementMatch7.5.0.0

ibmmaximo_asset_management_essentialsMatch7.5.0.0

ibmsmartcloud_control_deskMatch7.5.0.0

CPENameOperatorVersion
ibm:maximo_asset_managementibm maximo asset managementeq7.5.0.0
ibm:maximo_asset_management_essentialsibm maximo asset management essentialseq7.5.0.0
ibm:smartcloud_control_deskibm smartcloud control deskeq7.5.0.0

CPE	Name	Operator	Version
ibm:maximo_asset_management	ibm maximo asset management	eq	7.5.0.0
ibm:maximo_asset_management_essentials	ibm maximo asset management essentials	eq	7.5.0.0
ibm:smartcloud_control_desk	ibm smartcloud control desk	eq	7.5.0.0

References

www-01.ibm.com/support/docview.wss?uid=swg1IV23511

www-01.ibm.com/support/docview.wss?uid=swg21625624

exchange.xforce.ibmcloud.com/vulnerabilities/80749

6.6 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.5%

JSON

Related for CVE-2012-6357

nvd1 prion1 cvelist1