CVE-2013-0452

Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format (AMF) messages.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1IV38145
http://www-01.ibm.com/support/docview.wss?uid=swg21631350	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/80968

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:software_use_analysis::::::::
	cpe:2.3:a:ibm:tivoli_endpoint_manager:8.2:::::::*

History

No history.

Information

Published : 2013-03-29 16:08

Updated : 2024-02-04 18:16

NVD link : CVE-2013-0452

Mitre link : CVE-2013-0452

CVE.ORG link : CVE-2013-0452

JSON object : View

Products Affected

ibm

tivoli_endpoint_manager
software_use_analysis

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2013-0452", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-03-29T16:08:58.597", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV38145", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631350", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80968", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format (AMF) messages."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados en la aplicaci\u00f3n Software Use Analysis (SUA) antes de v1.3.3 en IBM Tivoli Endpoint v8.2 que permite a atacantes remotos secuestrar la autenticaci\u00f3n de los usuarios de su elecci\u00f3n a trav\u00e9s de un sitio web que contiene un Flash Action Message Format (AMF) elaborado."}], "lastModified": "2017-08-29T01:33:01.603", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:software_use_analysis:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7E6181F-0A16-41D9-A61F-6EDE6A18E587", "versionEndIncluding": "1.3.2"}, {"criteria": "cpe:2.3:a:ibm:tivoli_endpoint_manager:8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44AD90CA-7CFA-42AF-ABD1-EFB7AD33386B"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}