6.8
CVE-2011-1397
- EPSS 1.05%
- Veröffentlicht 13.03.2012 03:12:25
- Zuletzt bearbeitet 16.06.2026 23:29:16
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Maximo Asset Management Version6.2
Ibm ≫ Maximo Asset Management Version7.1
Ibm ≫ Maximo Asset Management Version7.5
Ibm ≫ Maximo Asset Management Essentials Version6.2
Ibm ≫ Maximo Asset Management Essentials Version7.1
Ibm ≫ Maximo Asset Management Essentials Version7.5
Ibm ≫ Tivoli Asset Management For It Version6.2
Ibm ≫ Tivoli Asset Management For It Version7.1
Ibm ≫ Tivoli Asset Management For It Version7.2
Ibm ≫ Trivoli Service Request Manager Version7.1
Ibm ≫ Trivoli Service Request Manager Version7.2
Ibm ≫ Maximo Service Desk Version6.2
Ibm ≫ Tivoli Change And Configuration Management Database Version6.2
Ibm ≫ Tivoli Change And Configuration Management Database Version7.1
Ibm ≫ Tivoli Change And Configuration Management Database Version7.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.05% | 0.597 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
http://secunia.com/advisories/48299
http://secunia.com/advisories/48305
http://www.ibm.com/support/docview.wss?uid=swg21584666
http://www.securityfocus.com/bid/52333
http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193
https://exchange.xforce.ibmcloud.com/vulnerabilities/72000