6.8

CVE-2012-2184

EPSS 0.61%
Published 10.09.2012 17:55:01
Last modified 11.04.2025 00:51:21
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.

Affected products Warnungen 0 Metrics 2 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Change And Configuration Management Database Version6.0

Ibm ≫ Change And Configuration Management Database Version7.0

Ibm ≫ Maximo Asset Management Version7.1.0.0

Ibm ≫ Maximo Asset Management Version7.5.0.0

Ibm ≫ Maximo Service Desk Version6.2

Ibm ≫ Smartcloud Control Desk Version7.0

Ibm ≫ Tivoli Asset Management For It Version6.0

Ibm ≫ Tivoli Asset Management For It Version6.2

Ibm ≫ Tivoli Asset Management For It Version7.0

Ibm ≫ Tivoli Asset Management For It Version7.1

Ibm ≫ Tivoli Asset Management For It Version7.2

Ibm ≫ Tivoli Service Request Manager Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.61%	0.672

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/50551

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21610081

http://www-01.ibm.com/support/docview.wss?uid=swg1IV19887

https://exchange.xforce.ibmcloud.com/vulnerabilities/75780

https://nvd.nist.gov/vuln/detail/CVE-2012-2184

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-2184

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-2184

EUVD