PT-2012-1519 · IBM · IBM Tivoli Change/Configuration Management Database

Published: 2012-03-13 · Updated: 2018-01-10 · CVE-2011-1394

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

IBM Maximo Asset Management and Asset Management Essentials versions 6.2, 7.1, and 7.5
IBM Tivoli Asset Management for IT versions 6.2, 7.1, and 7.2
IBM Tivoli Service Request Manager versions 7.1 and 7.2
IBM Maximo Service Desk version 6.2
IBM Tivoli Change and Configuration Management Database (CCMDB) versions 6.2, 7.1, and 7.2

Description

The issue allows remote attackers to cause a denial of service by consuming memory through establishing many UI sessions within one HTTP session.

Recommendations

For IBM Maximo Asset Management and Asset Management Essentials versions 6.2, 7.1, and 7.5, restrict access to UI sessions to minimize the risk of exploitation.
For IBM Tivoli Asset Management for IT versions 6.2, 7.1, and 7.2, limit the number of UI sessions within one HTTP session.
For IBM Tivoli Service Request Manager versions 7.1 and 7.2, consider implementing session management controls.
For IBM Maximo Service Desk version 6.2, restrict UI session access.
For IBM Tivoli Change and Configuration Management Database (CCMDB) versions 6.2, 7.1, and 7.2, apply configuration changes to limit UI session establishment.


Related Identifiers

CVE-2011-1394

Affected Products

IBM Maximo Asset Management
Maximo Service Desk
Tivoli Asset Management for IT
IBM Tivoli Change/Configuration Management Database
Tivoli Service Request Manager