Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format (AMF) messages.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Software Use Analysis | <= 1.3.2 |
| Ibm | Tivoli Endpoint Manager | 8.2 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV38145
- http://www-01.ibm.com/support/docview.wss?uid=swg21631350Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80968
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV38145
- http://www-01.ibm.com/support/docview.wss?uid=swg21631350Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80968
FAQ
What is CVE-2013-0452?
CVE-2013-0452 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of a...
How severe is CVE-2013-0452?
CVE-2013-0452 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-0452?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Software Use Analysis, Ibm Tivoli Endpoint Manager.