CVE-2011-4817

Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 6.2 through 7.5 IBM Tivoli Asset Management for IT versions 6.2 through 7.2 IBM Tivoli Service Request Manager versions 7.1 through 7.2 IBM Maximo Service Desk version 6.2 IBM Tivoli Change and Configuration Management Database (CCMDB) versions 6.2 through 7.2

Description The issue affects the About option on the Help menu, potentially allowing remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account.

Recommendations For IBM Maximo Asset Management versions 6.2 through 7.5, consider restricting access to the About option on the Help menu until a fix is available. For IBM Tivoli Asset Management for IT versions 6.2 through 7.2, consider disabling the display of usernames in the About option as a temporary workaround. For IBM Tivoli Service Request Manager versions 7.1 through 7.2, restrict access to the About option to minimize the risk of exploitation. For IBM Maximo Service Desk version 6.2, consider removing the About option from the Help menu until a patch is available. For IBM Tivoli Change and Configuration Management Database (CCMDB) versions 6.2 through 7.2, avoid using the About option on the Help menu until the issue is resolved.