CVE-2011-4816

SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Published: Mar 13, 2012
Updated: Nov 9, 2025
CVE: CVE-2011-4816
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
ibm / maximo_asset_management	7.5	7.5.x
ibm / maximo_asset_management	7.1	7.1.x
ibm / maximo_asset_management	6.2	6.2.x
ibm / maximo_asset_management_essentials	6.2	6.2.x
ibm / maximo_asset_management_essentials	7.5	7.5.x
ibm / maximo_asset_management_essentials	7.1	7.1.x
ibm / tivoli_asset_management_for_it	7.2	7.2.x
ibm / tivoli_asset_management_for_it	7.1	7.1.x
ibm / tivoli_asset_management_for_it	6.2	6.2.x
ibm / trivoli_service_request_manager	7.1	7.1.x
ibm / trivoli_service_request_manager	7.2	7.2.x
ibm / maximo_service_desk	6.2	6.2.x
ibm / tivoli_change_and_configuration_management_database	7.1	7.1.x
ibm / tivoli_change_and_configuration_management_database	7.2	7.2.x
ibm / tivoli_change_and_configuration_management_database	6.2	6.2.x

Vulnerability Database

309,540

CVE-2011-4816

Deep Security Visibility Without the Complexity