CVE-2012-2184

Severity

68%

Complexity

86%

Confidentiality

106%

Per: http://cwe.mitre.org/data/definitions/384.html 'CWE-384: Session Fixation'

Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.

Per: http://cwe.mitre.org/data/definitions/384.html 'CWE-384: Session Fixation'

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

Type

IBM

First reported 12 years ago

2012-09-10 17:55:00

Last updated 7 years ago

2017-08-29 01:31:00

Affected Software

IBM Change and Configuration Management Database (CCMDB) 6.0

6.0

IBM Change and Configuration Management Database (CCMDB) 7.0

7.0

IBM Maximo Asset Management 7.5.0.0

7.5.0.0

IBM Maximo Service Desk 6.2

6.2

IBM SmartCloud Control Desk 7.0

7.0

IBM Tivoli Asset Management for IT 6.0

6.0

IBM Tivoli Asset Management for IT 6.2

6.2

IBM Tivoli Asset Management for IT 7.0

7.0

IBM Tivoli Asset Management for IT 7.1

7.1

IBM Tivoli Asset Management for IT 7.2

7.2

IBM Tivoli Service Request Manager 7.0

7.0

References

50551

Vendor Advisory

IV19887

http://www-01.ibm.com/support/docview.wss?uid=swg21610081

ibm-maximo-session-fixation-iv19887(75780)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.