SQL Injection in IBM Maximo Asset Management
CVE-2011-4816
SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Ma…
Vulnerability class: SQL Injection
EPSS: 0.006 (68.8th percentile)
Affected products
- IBM Maximo_asset_management — versions 6.2, 7.1, 7.5
- IBM Maximo_asset_management_essentials — versions 6.2, 7.1, 7.5
- IBM Maximo_service_desk — versions 6.2
- IBM Tivoli_asset_management_for_it — versions 6.2, 7.1, 7.2
- IBM Tivoli_change_and_configuration_management_database — versions 6.2, 7.1, 7.2
- IBM Tivoli_service_request_manager — versions 7.1, 7.2
References
- maximo-kpi-sql-injection(72001) (vdb-entry, x_refsource_XF)
- psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
- 48299 (x_refsource_SECUNIA, third-party-advisory)
- 48305 (x_refsource_SECUNIA, third-party-advisory)
- 52333 (vdb-entry, x_refsource_BID)
- IV09194 (vendor-advisory, x_refsource_AIXAPAR)