CVE-2012-2184 - OpenCVE

Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Tivoli Asset Management For It Tivoli Service Request Manager Maximo Asset Management Change And Configuration Management Database Smartcloud Control Desk Maximo Service Desk

Configuration 1 [-]

OR	cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:::::::*
	cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:::::::*
	cpe:2.3:a:ibm:maximo_service_desk:6.2:::::::*
	cpe:2.3:a:ibm:smartcloud_control_desk:7.0:::::::*
	cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:::::::*
	cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:::::::*
	cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:::::::*
	cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:::::::*
	cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:::::::*
	cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:::::::*

References

Link	Resource
http://secunia.com/advisories/50551	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IV19887
http://www-01.ibm.com/support/docview.wss?uid=swg21610081
https://exchange.xforce.ibmcloud.com/vulnerabilities/75780

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2012-09-10T17:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2012-04-04T00:00:00

Link: CVE-2012-2184

JSON object: View

NVD Information

Status : Modified

Published: 2012-09-10T17:55:01.413

Modified: 2017-08-29T01:31:33.147

Link: CVE-2012-2184

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-09-04T00:00:00", "descriptions": [{"lang": "en", "value": "Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "ibm-maximo-session-fixation-iv19887(75780)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75780"}, {"name": "IV19887", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV19887"}, {"name": "50551", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50551"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2184", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ibm-maximo-session-fixation-iv19887(75780)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75780"}, {"name": "IV19887", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV19887"}, {"name": "50551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50551"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2184", "datePublished": "2012-09-10T17:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0265899D-68B5-4C15-997E-28F485D8B9D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en IBM Maximo Asset Management 7.1 a 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Gesti\u00f3n de Activos de TI de Tivoli, Tivoli Service Request, Informaci\u00f3n Maximo Service, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a atacantes remotos secuestrar sesiones web a trav\u00e9s de vectores no especificados."}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/384.html 'CWE-384: Session Fixation'", "id": "CVE-2012-2184", "lastModified": "2017-08-29T01:31:33.147", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-09-10T17:55:01.413", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/50551"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV19887"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75780"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}