CVE-2012-0714: CSRF
First published: Mon Sep 10 2012(Updated: )
Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Tivoli Change and Configuration Management Database | =6.0 | |
| IBM Tivoli Change and Configuration Management Database | =7.0 | |
| IBM Maximo Asset Management | =6.2.0.0 | |
| IBM Maximo Asset Management | =7.1.0.0 | |
| IBM Maximo Asset Management | =7.5.0.0 | |
| IBM Maximo Service Desk | =6.2 | |
| IBM Control Desk | =7.0 | |
| IBM Tivoli IT Asset Management for IT | =6.0 | |
| IBM Tivoli IT Asset Management for IT | =6.2 | |
| IBM Tivoli IT Asset Management for IT | =7.0 | |
| IBM Tivoli IT Asset Management for IT | =7.1 | |
| IBM Tivoli IT Asset Management for IT | =7.2 | |
| IBM Tivoli Service Request Manager | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-0714?
CVE-2012-0714 is categorized as a moderate severity Cross-site Request Forgery (CSRF) vulnerability.
How do I fix CVE-2012-0714?
To fix CVE-2012-0714, apply the latest patches and updates provided by IBM for affected software versions.
What versions are affected by CVE-2012-0714?
CVE-2012-0714 affects IBM Maximo Asset Management versions 6.2 through 7.5, as well as other related IBM software products.
What type of attack does CVE-2012-0714 allow?
CVE-2012-0714 allows remote attackers to perform Cross-site Request Forgery (CSRF) attacks, potentially leading to unauthorized actions on behalf of authenticated users.
Is CVE-2012-0714 still a concern today?
Yes, CVE-2012-0714 remains a concern for users of affected software who have not implemented the recommended updates.
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm tivoli change and configuration management database
- version/ibm tivoli change and configuration management database/6.0
- version/ibm tivoli change and configuration management database/7.0
- canonical/ibm maximo asset management
- version/ibm maximo asset management/6.2.0.0
- version/ibm maximo asset management/7.1.0.0
- version/ibm maximo asset management/7.5.0.0
- canonical/ibm maximo service desk
- version/ibm maximo service desk/6.2
- canonical/ibm control desk
- version/ibm control desk/7.0
- canonical/ibm tivoli it asset management for it
- version/ibm tivoli it asset management for it/6.0
- version/ibm tivoli it asset management for it/6.2
- version/ibm tivoli it asset management for it/7.0
- version/ibm tivoli it asset management for it/7.1
- version/ibm tivoli it asset management for it/7.2
- canonical/ibm tivoli service request manager
- version/ibm tivoli service request manager/7.0