Vulnerability Bulletins |
Vulnerabilidad CSRF en IBM Tivoli y otros |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Avanzado |
| Required attacker level | Acceso remoto con cuenta |
System information |
|
| Property | Value |
| Affected manufacturer | Comercial Software |
| Affected software |
IBM Maximo Asset Management V7.5, V7.1 and V6.2 IBM Maximo Asset Management Essentials V7.5, V7.1 and V6.2, IBM Tivoli Asset Management for IT V7.1, V7.2, V6.2 IBM Tivoli Service Request Manager V7.1, V7.2 IBM Maximo Service Desk 6.2 IBM Change and Configuration Management Database V7.1, V7.2, V6.2 |
Description |
|
| Se ha descubierto un vulnerabilidad de tipo "cross-site request forgery" (CSRF), en Labor Reporting Page en IBM Maximo Asset Management, y Asset Management Essentials 6.2, 7.1 y 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1 y 7.2, IBM Tivoli Service Request 7.1 y 7,2; IBM Maximo Service Desk 6.2, e IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, y 7.2, que permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. | |
Solution |
|
| Descargar y aplicar las actualizaciones publicadas por fabricante. | |
Standar resources |
|
| Property | Value |
| CVE |
CVE-2011-1394 CVE-2011-1395 CVE-2011-1396 CVE-2011-1397 CVE-2011-4816 CVE-2011-4817 CVE-2011-4818 CVE-2011-4819 CVE-2012-0195 |
| BID | |
Other resources |
|
|
Security Vulnerabilities Addressed in Asset and Service Mgmt http://www-01.ibm.com/support/docview.wss?uid=swg21584666 |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2012-03-15 |