CVE-2011-4818

2012-03-1303:12:26

CWE-20

[email protected]

web.nvd.nist.gov

ibm

maximo

asset management

essentials

open redirect

vulnerability

nvd

cve-2011-4818

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.3%

JSON

Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component.

Affected configurations

NVD

Node

ibmmaximo_asset_managementMatch6.2

ibmmaximo_asset_managementMatch7.1

ibmmaximo_asset_managementMatch7.5

ibmmaximo_asset_management_essentialsMatch6.2

ibmmaximo_asset_management_essentialsMatch7.1

ibmmaximo_asset_management_essentialsMatch7.5

CPENameOperatorVersion
ibm:maximo_asset_managementibm maximo asset managementeq6.2
ibm:maximo_asset_managementibm maximo asset managementeq7.1
ibm:maximo_asset_managementibm maximo asset managementeq7.5
ibm:maximo_asset_management_essentialsibm maximo asset management essentialseq6.2
ibm:maximo_asset_management_essentialsibm maximo asset management essentialseq7.1
ibm:maximo_asset_management_essentialsibm maximo asset management essentialseq7.5

CPE	Name	Operator	Version
ibm:maximo_asset_management	ibm maximo asset management	eq	6.2
ibm:maximo_asset_management	ibm maximo asset management	eq	7.1
ibm:maximo_asset_management	ibm maximo asset management	eq	7.5
ibm:maximo_asset_management_essentials	ibm maximo asset management essentials	eq	6.2
ibm:maximo_asset_management_essentials	ibm maximo asset management essentials	eq	7.1
ibm:maximo_asset_management_essentials	ibm maximo asset management essentials	eq	7.5