CVE-2012-3333

CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1IV26377
http://www-01.ibm.com/support/docview.wss?uid=swg21670870	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/78145
http://www-01.ibm.com/support/docview.wss?uid=swg1IV26377
http://www-01.ibm.com/support/docview.wss?uid=swg21670870	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/78145

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:smartcloud_control_desk:7.0:::::::*
	cpe:2.3:a:ibm:smartcloud_control_desk:7.5:::::::*
	cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:::::::*
	cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:::::::*
	cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:::::::*
	cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:::::::*
	cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:ibm:maximo_asset_management:7.1:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1.1:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.1.2:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:::::::*
	cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:::::::*

History

21 Nov 2024, 01:40

Type	Values Removed	Values Added
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg1IV26377 -~~	() http://www-01.ibm.com/support/docview.wss?uid=swg1IV26377 -
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg21670870 - Vendor Advisory~~	() http://www-01.ibm.com/support/docview.wss?uid=swg21670870 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/78145 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/78145 -

Information

Published : 2014-05-26 11:14

Updated : 2025-04-12 10:46

NVD link : CVE-2012-3333

Mitre link : CVE-2012-3333

CVE.ORG link : CVE-2012-3333

JSON object : View

Products Affected

ibm

maximo_asset_management
smartcloud_control_desk

CWE

NVD-CWE-Other

{"id": "CVE-2012-3333", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-05-26T11:14:51.110", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV26377", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78145", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV26377", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78145", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF en IBM Maximo Asset Management 7.x anterior a 7.5.0.6 y SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y realizar ataques de divisi\u00f3n de respuestas HTTP a trav\u00e9s de un par\u00e1metro manipulado en una URL."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E"}, {"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27"}, {"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F"}, {"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0"}, {"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF"}, {"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68"}, {"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925"}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC"}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466"}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C"}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E"}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0"}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC"}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C"}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9"}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96"}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A"}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1"}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF"}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4"}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6"}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35"}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A"}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89"}, {"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD"}], "operator": "OR"}]}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/93.html\n\n\"CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')\"", "sourceIdentifier": "psirt@us.ibm.com"}

4.3 /10