CSRF in IBM Maximo Asset Management
CVE-2011-1397
Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request…
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.002 (47.0th percentile)
Affected products
- IBM Maximo Asset Management — versions 6.2, 7.1, 7.5
- IBM Maximo Asset Management Essentials — versions 6.2, 7.1, 7.5
- IBM Maximo Service Desk — versions 6.2
- IBM Tivoli Asset Management for IT — versions 6.2, 7.1, 7.2
- IBM Tivoli Change and Configuration Management Database — versions 6.2, 7.1, 7.2
- IBM Tivoli Service Request Manager — versions 7.1, 7.2
Weakness classification (CWE)
References
- maximo-laborreporting-csrf(72000) (vdb-entry, x_refsource_XF)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- 48299 (x_refsource_SECUNIA, third-party-advisory)
- 48305 (x_refsource_SECUNIA, third-party-advisory)
- 52333 (vdb-entry, x_refsource_BID)
- IV09193 (vendor-advisory, x_refsource_AIXAPAR)