Vulnerabilities > CVE-2012-2184 - Unspecified vulnerability in IBM products

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

ibm

NVD

Published: 2012-09-10

Updated: 2017-08-29

Summary

Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors. Per: http://cwe.mitre.org/data/definitions/384.html 'CWE-384: Session Fixation'

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Change AND Configuration Management Database 6.0 IBM Change AND Configuration Management Database 7.0 IBM Maximo Asset Management 7.1.0.0 IBM Maximo Asset Management 7.5.0.0 IBM Maximo Service Desk 6.2 IBM Smartcloud Control Desk 7.0 IBM Tivoli Asset Management FOR IT 6.0 IBM Tivoli Asset Management FOR IT 6.2 IBM Tivoli Asset Management FOR IT 7.0 IBM Tivoli Asset Management FOR IT 7.1 IBM Tivoli Asset Management FOR IT 7.2 IBM Tivoli Service Request Manager 7.0	12

Summary

Vulnerable Configurations

References