First published: Tue Mar 13 2012
IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Maximo Asset Management | =6.2 | |
IBM Maximo Asset Management | =7.1 | |
IBM Maximo Asset Management | =7.5 | |
IBM Maximo Asset Management Essentials | =6.2 | |
IBM Maximo Asset Management Essentials | =7.1 | |
IBM Maximo Asset Management Essentials | =7.5 | |
IBM Tivoli Asset Management for IT | =6.2 | |
IBM Tivoli Asset Management for IT | =7.1 | |
IBM Tivoli Asset Management for IT | =7.2 | |
IBM Tivoli Service Request Manager | =7.1 | |
IBM Tivoli Service Request Manager | =7.2 | |
IBM Maximo Service Desk | =6.2 | |
IBM Tivoli Change and Configuration Management Database | =6.2 | |
IBM Tivoli Change and Configuration Management Database | =7.1 | |
IBM Tivoli Change and Configuration Management Database | =7.2 | |
CVE-2011-1394 has been classified with high severity due to its potential impact on vulnerable IBM software.
To fix CVE-2011-1394, users should apply the latest patches or updates provided by IBM for the affected software versions.
CVE-2011-1394 affects various versions of IBM Maximo Asset Management, IBM Tivoli Asset Management for IT, IBM Tivoli Service Request Manager, and IBM Tivoli Change and Configuration Management Database.
Yes, CVE-2011-1394 can be exploited remotely if the vulnerable software is exposed to the internet.
While patching is the recommended solution, temporarily restricting access to the affected services can serve as a workaround until a patch is applied.