CVE-2013-0452

Published: Mar 29, 2013Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format (AMF) messages.

Affected (2)

Products: Ibm: Software Use Analysis, Tivoli Endpoint Manager

2 products

Software Use Analysis

Tivoli Endpoint Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Software Use Analysis	Up to 1.3.2
Ibm Tivoli Endpoint Manager	Version 8.2

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

http://www-01.ibm.com/support/docview.wss?uid=swg1IV38145

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21631350

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/80968

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg1IV38145

Source: af854a3a-2127-422b-91ae-364da2661108

http://www-01.ibm.com/support/docview.wss?uid=swg21631350

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/80968

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.