CVE-2013-0452

IBM Software Use Analysis < 1.3.3 - Cross-Site Request Forgery via Flash AMF Messages

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in the Software Use Analysis (SUA) application before 1.3.3 in IBM Tivoli Endpoint Manager 8.2 allows remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format (AMF) messages.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/80968
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IV38145
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21631350

Scores

EPSS 0.0064
EPSS Percentile 46.2%

Details

CWE
CWE-352
Status published
Products (2)
ibm/software_use_analysis < 1.3.2
ibm/tivoli_endpoint_manager 8.2
Published Mar 29, 2013
Tracked Since Feb 18, 2026