CVE-2012-3333

CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
ibmsmartcloud_control_desk
7.0
ibmsmartcloud_control_desk
7.5
ibmsmartcloud_control_desk
7.5.0.0
ibmsmartcloud_control_desk
7.5.0.1
ibmsmartcloud_control_desk
7.5.0.2
ibmsmartcloud_control_desk
7.5.1.0
ibmsmartcloud_control_desk
7.5.1.1
ibmmaximo_asset_management
7.1
ibmmaximo_asset_management
7.1.1
ibmmaximo_asset_management
7.1.1.1
ibmmaximo_asset_management
7.1.1.2
ibmmaximo_asset_management
7.1.1.5
ibmmaximo_asset_management
7.1.1.6
ibmmaximo_asset_management
7.1.1.7
ibmmaximo_asset_management
7.1.1.8
ibmmaximo_asset_management
7.1.1.9
ibmmaximo_asset_management
7.1.1.10
ibmmaximo_asset_management
7.1.1.11
ibmmaximo_asset_management
7.1.1.12
ibmmaximo_asset_management
7.1.2
ibmmaximo_asset_management
7.5.0.0
ibmmaximo_asset_management
7.5.0.1
ibmmaximo_asset_management
7.5.0.2
ibmmaximo_asset_management
7.5.0.3
ibmmaximo_asset_management
7.5.0.4
ibmmaximo_asset_management
7.5.0.5
𝑥
= Vulnerable software versions
References
http://www-01.ibm.com/support/docview.wss?uid=swg1IV26377
http://www-01.ibm.com/support/docview.wss?uid=swg21670870
https://exchange.xforce.ibmcloud.com/vulnerabilities/78145
http://www-01.ibm.com/support/docview.wss?uid=swg1IV26377
http://www-01.ibm.com/support/docview.wss?uid=swg21670870
https://exchange.xforce.ibmcloud.com/vulnerabilities/78145