1. Home
  2. CVE Database
  3. CVE-2011-1397
MEDIUM · 6.8

CVE-2011-1397

Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7....

Vulnerability Description

Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
IbmMaximo Asset Management6.2
IbmMaximo Asset Management Essentials6.2
IbmTivoli Asset Management For It6.2
IbmTrivoli Service Request Manager7.1
IbmMaximo Service Desk6.2
IbmTivoli Change And Configuration Management Database6.2

Related Weaknesses (CWE)

CWE-352

References

FAQ

What is CVE-2011-1397?

CVE-2011-1397 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7....

How severe is CVE-2011-1397?

CVE-2011-1397 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-1397?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Maximo Asset Management, Ibm Maximo Asset Management Essentials, Ibm Tivoli Asset Management For It, Ibm Trivoli Service Request Manager, Ibm Maximo Service Desk.