CVE-2013-0452

EUVD-2013-0463
Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format (AMF) messages.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
Affected Products (NVD)
VendorProductVersion
ibmsoftware_use_analysis
𝑥
≤ 1.3.2
ibmtivoli_endpoint_manager
8.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1IV38145
http://www-01.ibm.com/support/docview.wss?uid=swg21631350
https://exchange.xforce.ibmcloud.com/vulnerabilities/80968
http://www-01.ibm.com/support/docview.wss?uid=swg1IV38145
http://www-01.ibm.com/support/docview.wss?uid=swg21631350
https://exchange.xforce.ibmcloud.com/vulnerabilities/80968