Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3333

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-3333
Last Modified 27 May 2014 01:18:13
Published 26 May 2014 07:14:51
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3333

Summary

CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL.

Vulnerable Systems

Application

  • Ibm Maximo Asset Management 7.1

  • Ibm Maximo Asset Management 7.1.1

  • Ibm Maximo Asset Management 7.1.1.1

  • Ibm Maximo Asset Management 7.1.1.10

  • Ibm Maximo Asset Management 7.1.1.11

  • Ibm Maximo Asset Management 7.1.1.12

  • Ibm Maximo Asset Management 7.1.1.2

  • Ibm Maximo Asset Management 7.1.1.5

  • Ibm Maximo Asset Management 7.1.1.6

  • Ibm Maximo Asset Management 7.1.1.7

  • Ibm Maximo Asset Management 7.1.1.8

  • Ibm Maximo Asset Management 7.1.1.9

  • Ibm Maximo Asset Management 7.1.2

  • Ibm Maximo Asset Management 7.5.0.0

  • Ibm Maximo Asset Management 7.5.0.1

  • Ibm Maximo Asset Management 7.5.0.2

  • Ibm Maximo Asset Management 7.5.0.3

  • Ibm Maximo Asset Management 7.5.0.4

  • Ibm Maximo Asset Management 7.5.0.5

  • Ibm Smartcloud Control Desk 7.0

  • Ibm Smartcloud Control Desk 7.5

  • Ibm Smartcloud Control Desk 7.5.0.0

  • Ibm Smartcloud Control Desk 7.5.0.1

  • Ibm Smartcloud Control Desk 7.5.0.2

  • Ibm Smartcloud Control Desk 7.5.1.0

  • Ibm Smartcloud Control Desk 7.5.1.1


References

XF - ibm-maximo-cve20123333-httprs(78145)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21670870

AIXAPAR - IV26377


Last Updated: 27 May 2016 11:05:21