Vulnerability Details CVE-2013-0452
Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format (AMF) messages.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.5%
CVSS Severity
CVSS v2 Score 6.8
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV38145
- http://www-01.ibm.com/support/docview.wss?uid=swg21631350
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80968
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV38145
- http://www-01.ibm.com/support/docview.wss?uid=swg21631350
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80968
Products affected by CVE-2013-0452
-
cpe:2.3:a:ibm:software_use_analysis:*
-
cpe:2.3:a:ibm:tivoli_endpoint_manager:8.2