CVE-2012-2185

IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://osvdb.org/85183
http://secunia.com/advisories/50551	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IV17942
http://www-01.ibm.com/support/docview.wss?uid=swg21610081
https://exchange.xforce.ibmcloud.com/vulnerabilities/75784

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:::::::*
	cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:6.2.0.0:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:::::::*
	cpe:2.3:a:ibm:maximo_service_desk:6.2:::::::*
	cpe:2.3:a:ibm:smartcloud_control_desk:7.0:::::::*
	cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:::::::*
	cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:::::::*
	cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:::::::*
	cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:::::::*
	cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:::::::*
	cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:::::::*

History

No history.

Information

Published : 2012-09-10 17:55

Updated : 2023-12-10 11:16

NVD link : CVE-2012-2185

Mitre link : CVE-2012-2185

CVE.ORG link : CVE-2012-2185

JSON object : View

Products Affected

ibm

smartcloud_control_desk
tivoli_asset_management_for_it
change_and_configuration_management_database
maximo_asset_management
maximo_service_desk
tivoli_service_request_manager

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2012-2185", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-09-10T17:55:01.460", "references": [{"url": "http://osvdb.org/85183", "source": "psirt@us.ibm.com"}, {"url": "http://secunia.com/advisories/50551", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17942", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75784", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors."}, {"lang": "es", "value": "IBM Maximo Asset Management 6.2 a 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Gesti\u00f3n de Activos de TI de Tivoli, Tivoli Service Request, Informaci\u00f3n Maximo Service, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a usuarios remotos autenticados para obtener informaci\u00f3n sensible a trav\u00e9s indeterminado vectores."}], "lastModified": "2017-08-29T01:31:33.210", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53"}, {"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52"}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "789E00F7-D6CD-4F8C-B785-CB17DB11AEDA"}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0265899D-68B5-4C15-997E-28F485D8B9D0"}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4"}, {"criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503"}, {"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E"}, {"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7"}, {"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A"}, {"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D"}, {"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3"}, {"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346"}, {"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}