CVE-2012-6355

CWE-2643 documents3 sources

Severity

6.5MEDIUM

EPSS

0.4%

top 39.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Change AND Configuration Management Database IBM Maximo Asset Management IBM Maximo Asset Management Essentials +4 more

Timeline

PublishedFeb 20

Latest updateMay 17

Description

IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages7 packages

▶NVDibm/maximo_asset_management_essentials6.2.0.0, 7.5.0.0+1

▶NVDibm/maximo_asset_management21 versions+20

▶NVDibm/tivoli_asset_management5 versions+4

▶NVDibm/maximo_service_desk6.2

▶NVDibm/change_and_configuration_management_database7.1., 7.2.0+1

🔴Vulnerability Details

GHSA

GHSA-24v6-wpg8-6mjg: IBM Maximo Asset Management 6↗2022-05-17

▶

CVEList

CVE-2012-6355: IBM Maximo Asset Management 6↗2013-02-20

▶