CVE-2011-1397

Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users.

Published: Mar 13, 2012
Updated: Nov 9, 2025
CVE: CVE-2011-1397
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
ibm / maximo_asset_management	7.5	7.5.x
ibm / maximo_asset_management	7.1	7.1.x
ibm / maximo_asset_management	6.2	6.2.x
ibm / maximo_asset_management_essentials	6.2	6.2.x
ibm / maximo_asset_management_essentials	7.5	7.5.x
ibm / maximo_asset_management_essentials	7.1	7.1.x
ibm / tivoli_asset_management_for_it	7.2	7.2.x
ibm / tivoli_asset_management_for_it	7.1	7.1.x
ibm / tivoli_asset_management_for_it	6.2	6.2.x
ibm / trivoli_service_request_manager	7.1	7.1.x
ibm / trivoli_service_request_manager	7.2	7.2.x
ibm / maximo_service_desk	6.2	6.2.x
ibm / tivoli_change_and_configuration_management_database	7.1	7.1.x
ibm / tivoli_change_and_configuration_management_database	7.2	7.2.x
ibm / tivoli_change_and_configuration_management_database	6.2	6.2.x

Vulnerability Database

309,540

CVE-2011-1397

Deep Security Visibility Without the Complexity