ID CVE-2011-1394
Summary IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session.
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:trivoli_service_request_manager:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:trivoli_service_request_manager:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.2:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 10-01-2018 - 02:29)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
aixapar IV09157
bid 52333
confirm http://www.ibm.com/support/docview.wss?uid=swg21584666
secunia
  • 48299
  • 48305
xf maximo-uisession-dos(71985)
Last major update 10-01-2018 - 02:29
Published 13-03-2012 - 03:12
Last modified 10-01-2018 - 02:29