CVE-2012-3333

5 documents4 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 52.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Maximo Asset Management IBM Smartcloud Control Desk

Timeline

PublishedMay 26

Latest updateMay 17

Description

CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDibm/maximo_asset_management19 versions+18

▶NVDibm/smartcloud_control_desk7 versions+6

🔴Vulnerability Details

GHSA

GHSA-jp2p-x75q-6xp5: CRLF injection vulnerability in IBM Maximo Asset Management 7↗2022-05-17

▶

CVEList

CVE-2012-3333: CRLF injection vulnerability in IBM Maximo Asset Management 7↗2014-05-26

▶

🕵️Threat Intelligence

Talos

Phishing Games↗2012-07-30

▶