CVE-2011-4816: SQL Injection
First published: Tue Mar 13 2012(Updated: )
SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Maximo Asset Management | =6.2 | |
| IBM Maximo Asset Management | =7.1 | |
| IBM Maximo Asset Management | =7.5 | |
| IBM Maximo Asset Management Essentials | =6.2 | |
| IBM Maximo Asset Management Essentials | =7.1 | |
| IBM Maximo Asset Management Essentials | =7.5 | |
| IBM Tivoli IT Asset Management for IT | =6.2 | |
| IBM Tivoli IT Asset Management for IT | =7.1 | |
| IBM Tivoli IT Asset Management for IT | =7.2 | |
| IBM Tivoli Service Request Manager | =7.1 | |
| IBM Tivoli Service Request Manager | =7.2 | |
| IBM Maximo Service Desk | =6.2 | |
| IBM Tivoli Change and Configuration Management Database | =6.2 | |
| IBM Tivoli Change and Configuration Management Database | =7.1 | |
| IBM Tivoli Change and Configuration Management Database | =7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-4816?
CVE-2011-4816 is rated as a medium severity SQL injection vulnerability.
How do I fix CVE-2011-4816?
To fix CVE-2011-4816, apply the necessary patches provided by IBM for your affected version of the software.
Which products are affected by CVE-2011-4816?
CVE-2011-4816 affects IBM Maximo Asset Management, IBM Tivoli Asset Management for IT, and other related products.
What type of vulnerability is CVE-2011-4816?
CVE-2011-4816 is an SQL injection vulnerability that allows attackers to manipulate database queries.
Is CVE-2011-4816 included in IBM’s security updates?
Yes, CVE-2011-4816 is included in IBM's security updates for the affected products.
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/ibm
- canonical/ibm maximo asset management
- version/ibm maximo asset management/6.2
- version/ibm maximo asset management/7.1
- version/ibm maximo asset management/7.5
- canonical/ibm maximo asset management essentials
- version/ibm maximo asset management essentials/6.2
- version/ibm maximo asset management essentials/7.1
- version/ibm maximo asset management essentials/7.5
- canonical/ibm tivoli it asset management for it
- version/ibm tivoli it asset management for it/6.2
- version/ibm tivoli it asset management for it/7.1
- version/ibm tivoli it asset management for it/7.2
- canonical/ibm tivoli service request manager
- version/ibm tivoli service request manager/7.1
- version/ibm tivoli service request manager/7.2
- canonical/ibm maximo service desk
- version/ibm maximo service desk/6.2
- canonical/ibm tivoli change and configuration management database
- version/ibm tivoli change and configuration management database/6.2
- version/ibm tivoli change and configuration management database/7.1
- version/ibm tivoli change and configuration management database/7.2