| Vulnerability Name: | CVE-2013-0452 (CCN-80968) | ||||||||
| Assigned: | 2012-12-16 | ||||||||
| Published: | 2013-03-20 | ||||||||
| Updated: | 2017-08-29 | ||||||||
| Summary: | Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format (AMF) messages. | ||||||||
| CVSS v3 Severity: | 2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-352 | ||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||
| References: | Source: MITRE Type: CNA CVE-2013-0452 Source: CCN Type: SA52767 IBM Tivoli Endpoint Manager for Software Use Analysis Cross-Site Request Forgery Vulnerability Source: AIXAPAR Type: UNKNOWN IV38145 Source: CCN Type: IBM Security Bulletin 1631350 Tivoli Endpoint Manager for Software Use (CVE-2013-0452) Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21631350 Source: CCN Type: BID-58661 IBM Tivoli Endpoint Manager CVE-2013-0452 Cross Site Request Forgery Vulnerability Source: XF Type: UNKNOWN tem-sua-csrf(80968) Source: XF Type: UNKNOWN tem-sua-csrf(80968) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||