What is the severity of CVE-2012-2184?

CVE-2012-2184 is considered a medium severity vulnerability due to its potential for allowing remote session hijacking.

How do I fix CVE-2012-2184?

To mitigate CVE-2012-2184, users should upgrade to the latest patched versions of affected IBM products.

What products are affected by CVE-2012-2184?

CVE-2012-2184 affects IBM Maximo Asset Management versions 7.1 through 7.5, along with various Tivoli and SmartCloud products.

What type of attack does CVE-2012-2184 enable?

CVE-2012-2184 enables session fixation attacks, allowing attackers to hijack user sessions.

Is there a workaround for CVE-2012-2184?

Implementing secure session management practices and ensuring users log in through secure pages can serve as temporary workaround measures for CVE-2012-2184.

Vulnerability/
CVE-2012-2184

medium

6.8

10/9/2012

6/8/2024

CVE-2012-2184

First published: Mon Sep 10 2012(Updated: )

Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Tivoli Change and Configuration Management Database	=6.0
IBM Tivoli Change and Configuration Management Database	=7.0
IBM Maximo Asset Management	=7.1.0.0
IBM Maximo Asset Management	=7.5.0.0
IBM Maximo Service Desk	=6.2
IBM Control Desk	=7.0
IBM Tivoli IT Asset Management for IT	=6.0
IBM Tivoli IT Asset Management for IT	=6.2
IBM Tivoli IT Asset Management for IT	=7.0
IBM Tivoli IT Asset Management for IT	=7.1
IBM Tivoli IT Asset Management for IT	=7.2
IBM Tivoli Service Request Manager	=7.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-2184?
CVE-2012-2184 is considered a medium severity vulnerability due to its potential for allowing remote session hijacking.
How do I fix CVE-2012-2184?
To mitigate CVE-2012-2184, users should upgrade to the latest patched versions of affected IBM products.
What products are affected by CVE-2012-2184?
CVE-2012-2184 affects IBM Maximo Asset Management versions 7.1 through 7.5, along with various Tivoli and SmartCloud products.
What type of attack does CVE-2012-2184 enable?
CVE-2012-2184 enables session fixation attacks, allowing attackers to hijack user sessions.
Is there a workaround for CVE-2012-2184?
Implementing secure session management practices and ensuring users log in through secure pages can serve as temporary workaround measures for CVE-2012-2184.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/severity
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm tivoli change and configuration management database
version/ibm tivoli change and configuration management database/6.0
version/ibm tivoli change and configuration management database/7.0
canonical/ibm maximo asset management
version/ibm maximo asset management/7.1.0.0
version/ibm maximo asset management/7.5.0.0
canonical/ibm maximo service desk
version/ibm maximo service desk/6.2
canonical/ibm control desk
version/ibm control desk/7.0
canonical/ibm tivoli it asset management for it
version/ibm tivoli it asset management for it/6.0
version/ibm tivoli it asset management for it/6.2
version/ibm tivoli it asset management for it/7.0
version/ibm tivoli it asset management for it/7.1
version/ibm tivoli it asset management for it/7.2
canonical/ibm tivoli service request manager
version/ibm tivoli service request manager/7.0