CVE-2011-1394

IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session.

Published: Mar 13, 2012
Updated: Nov 9, 2025
CVE: CVE-2011-1394
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
ibm / maximo_asset_management	7.5	7.5.x
ibm / maximo_asset_management	7.1	7.1.x
ibm / maximo_asset_management	6.2	6.2.x
ibm / maximo_asset_management_essentials	6.2	6.2.x
ibm / maximo_asset_management_essentials	7.5	7.5.x
ibm / maximo_asset_management_essentials	7.1	7.1.x
ibm / tivoli_asset_management_for_it	7.2	7.2.x
ibm / tivoli_asset_management_for_it	7.1	7.1.x
ibm / tivoli_asset_management_for_it	6.2	6.2.x
ibm / trivoli_service_request_manager	7.1	7.1.x
ibm / trivoli_service_request_manager	7.2	7.2.x
ibm / maximo_service_desk	6.2	6.2.x
ibm / tivoli_change_and_configuration_management_database	7.1	7.1.x
ibm / tivoli_change_and_configuration_management_database	7.2	7.2.x
ibm / tivoli_change_and_configuration_management_database	6.2	6.2.x

Vulnerability Database

309,540

CVE-2011-1394

Deep Security Visibility Without the Complexity