IBM Tivoli Endpoint Manager CVE-2013-0452 Cross Site Request Forgery Vulnerability

Bugtraq ID:	58661
Class:	Input Validation Error
CVE:	CVE-2013-0452
Remote:	Yes
Local:	No
Published:	Mar 20 2013 12:00AM
Updated:	Mar 20 2013 12:00AM
Credit:	UC Berkeley
Vulnerable:	IBM Tivoli Endpoint Manager for Software Use Analysis 1.3 IBM Tivoli Endpoint Manager 8.2
Not Vulnerable:

IBM Tivoli Endpoint Manager CVE-2013-0452 Cross Site Request Forgery Vulnerability

IBM Tivoli Endpoint Manager is prone to a cross-site request-forgery vulnerability because it fails to properly validate specially crafted malicious Flash Action Message Format (AMF) messages.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.

IBM Tivoli Endpoint Manager 8.2 is vulnerable; other versions may also be affected.

IBM Tivoli Endpoint Manager CVE-2013-0452 Cross Site Request Forgery Vulnerability

An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

IBM Tivoli Endpoint Manager CVE-2013-0452 Cross Site Request Forgery Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

IBM Tivoli Endpoint Manager CVE-2013-0452 Cross Site Request Forgery Vulnerability

References:

• IBM Homepage (IBM)
  
• Security Bulletin: Tivoli Endpoint Manager for Software Use (CVE-2013-0452) (IBM)