CSRF Vulnerability in IBM Maximo Asset Management Software
CVE-2012-0714

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Asset Management For It; Maximo Asset Management; Smartcloud Control Desk; Change And Configuration Management Database
Vendor: CVE Published:; 10 September 2012

What is CVE-2012-0714?

IBM Maximo Asset Management contains a cross-site request forgery (CSRF) vulnerability that allows remote attackers to hijack the authentication of users without their knowledge. This vulnerability affects multiple versions of the product as well as related applications like SmartCloud Control Desk and Tivoli management tools. Attackers can exploit this vulnerability via unknown vectors, posing a significant risk to the security of system operations and user data.

References

http://osvdb.org/85179

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/50551

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/73534

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2012
Vulnerability Reserved
Jan 17, 2012