CVE-2011-1397: CSRF
First published: Tue Mar 13 2012(Updated: )
Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Maximo Asset Management | =7.5 | |
| IBM Maximo Asset Management | =7.1 | |
| IBM Maximo Asset Management | =6.2 | |
| IBM Maximo Asset Management Essentials | =6.2 | |
| IBM Maximo Asset Management Essentials | =7.5 | |
| IBM Maximo Asset Management Essentials | =7.1 | |
| IBM Tivoli IT Asset Management for IT | =7.2 | |
| IBM Tivoli IT Asset Management for IT | =7.1 | |
| IBM Tivoli IT Asset Management for IT | =6.2 | |
| IBM Tivoli Service Request Manager | =7.1 | |
| IBM Tivoli Service Request Manager | =7.2 | |
| IBM Maximo Service Desk | =6.2 | |
| IBM Tivoli Change and Configuration Management Database | =7.1 | |
| IBM Tivoli Change and Configuration Management Database | =7.2 | |
| IBM Tivoli Change and Configuration Management Database | =6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-1397?
CVE-2011-1397 is classified as a medium severity cross-site request forgery (CSRF) vulnerability.
How do I fix CVE-2011-1397?
To mitigate CVE-2011-1397, implement CSRF tokens in forms and validate incoming requests for authenticity.
Which IBM software is affected by CVE-2011-1397?
CVE-2011-1397 affects multiple IBM products including Maximo Asset Management, Tivoli Asset Management, and Maximo Service Desk across various versions.
What are the potential impacts of CVE-2011-1397?
If exploited, CVE-2011-1397 could allow an attacker to perform unauthorized actions on behalf of authenticated users.
Is there a patch available for CVE-2011-1397?
IBM has provided updates and patches for affected software versions to address CVE-2011-1397; check the official IBM support channels for specific remedies.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ibm
- canonical/ibm maximo asset management
- version/ibm maximo asset management/7.5
- version/ibm maximo asset management/7.1
- version/ibm maximo asset management/6.2
- canonical/ibm maximo asset management essentials
- version/ibm maximo asset management essentials/6.2
- version/ibm maximo asset management essentials/7.5
- version/ibm maximo asset management essentials/7.1
- canonical/ibm tivoli it asset management for it
- version/ibm tivoli it asset management for it/7.2
- version/ibm tivoli it asset management for it/7.1
- version/ibm tivoli it asset management for it/6.2
- canonical/ibm tivoli service request manager
- version/ibm tivoli service request manager/7.1
- version/ibm tivoli service request manager/7.2
- canonical/ibm maximo service desk
- version/ibm maximo service desk/6.2
- canonical/ibm tivoli change and configuration management database
- version/ibm tivoli change and configuration management database/7.1
- version/ibm tivoli change and configuration management database/7.2
- version/ibm tivoli change and configuration management database/6.2