Vulnerability Details : CVE-2012-2183
Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2012-2183
Probability of exploitation activity in the next 30 days: 0.79%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-2183
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
References for CVE-2012-2183
-
http://www-01.ibm.com/support/docview.wss?uid=swg21610081
IBM Security Vulnerabilities Addressed in Asset and Service Mgmt
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/75776
Multiple IBM products session hijacking CVE-2012-2183 Vulnerability Report
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IV09212
IBM notice: The page you requested cannot be displayed
Products affected by CVE-2012-2183
- cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:6.2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*