PT-2013-2347 · IBM · IBM Tivoli Endpoint Manager
Published: 2013-03-29 · Updated: 2017-08-29 · CVE-2013-0452
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
IBM Tivoli Endpoint Manager 8.2 versions prior to 1.3.3
Description
A cross-site request forgery (CSRF) issue exists in the Software Use Analysis (SUA) application, allowing remote attackers to hijack the authentication of arbitrary users via a web site that contains crafted Flash Action Message Format (AMF) messages.
Recommendations
For versions prior to 1.3.3, update to version 1.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the SUA application to minimize the risk of exploitation.
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
IBM Tivoli Endpoint Manager