PT-2012-1519 · IBM · IBM Tivoli Change/Configuration Management Database +4

Published: 2012-03-13 · Updated: 2018-01-10 · CVE-2011-1394

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

IBM Maximo Asset Management and Asset Management Essentials versions 6.2, 7.1, and 7.5
IBM Tivoli Asset Management for IT versions 6.2, 7.1, and 7.2
IBM Tivoli Service Request Manager versions 7.1 and 7.2
IBM Maximo Service Desk version 6.2
IBM Tivoli Change and Configuration Management Database (CCMDB) versions 6.2, 7.1, and 7.2

Description

Remote attackers can cause a denial of service through memory consumption by establishing many UI sessions within one HTTP session.

Recommendations

For IBM Maximo Asset Management and Asset Management Essentials versions 6.2, 7.1, and 7.5, restrict access to UI sessions to minimize the risk of exploitation.
For IBM Tivoli Asset Management for IT versions 6.2, 7.1, and 7.2, limit the number of UI sessions within one HTTP session.
For IBM Tivoli Service Request Manager versions 7.1 and 7.2, consider implementing session management controls.
For IBM Maximo Service Desk version 6.2, restrict UI session access.
For IBM Tivoli Change and Configuration Management Database (CCMDB) versions 6.2, 7.1, and 7.2, apply configuration changes to limit UI session establishment.

Fix

Weakness Enumeration

Related identifiers

CVE-2011-1394

Affected products

IBM Maximo Asset Management
Maximo Service Desk
Tivoli Asset Management for IT
IBM Tivoli Change/Configuration Management Database
Tivoli Service Request Manager