Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-2959. PoCs published by Travis Lee.
AI-analyzed exploit summary: This is a CSRF PoC for CVE-2012-2959 targeting BMC Identity Management. It exploits the lack of proper HTTP request validation to change a user's password without their consent.
Description
Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote attackers to hijack the authentication of administrators for requests that change passwords.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Travis Lee · html · webapps · java
https://www.exploit-db.com/exploits/37372
Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:
BMC Identity Management (version not specified)
No auth needed
Prerequisites:
Victim must be authenticated in the target application · Attacker must trick the victim into visiting the malicious HTML page
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
References (1)
Core References
Exploit, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/221180
Scores
EPSS
0.0115
EPSS Percentile
62.7%
Details
CWE
CWE-352
Status
published
Products (1)
bmc/identity_management_suite
7.5.00.103
Published
Jun 11, 2012
Tracked Since
Feb 18, 2026