CVE-2013-0452

{"id": "CVE-2013-0452", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-03-29T16:08:58.597", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV38145", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631350", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80968", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV38145", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631350", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80968", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format (AMF) messages."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados en la aplicaci\u00f3n Software Use Analysis (SUA) antes de v1.3.3 en IBM Tivoli Endpoint v8.2 que permite a atacantes remotos secuestrar la autenticaci\u00f3n de los usuarios de su elecci\u00f3n a trav\u00e9s de un sitio web que contiene un Flash Action Message Format (AMF) elaborado."}], "lastModified": "2024-11-21T01:47:36.790", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:software_use_analysis:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7E6181F-0A16-41D9-A61F-6EDE6A18E587", "versionEndIncluding": "1.3.2"}, {"criteria": "cpe:2.3:a:ibm:tivoli_endpoint_manager:8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44AD90CA-7CFA-42AF-ABD1-EFB7AD33386B"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}