CVE-2011-4816: SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management…

medium6.5CVSS 3.1

AVNACLAuSCPIPAP

SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Affected

15 ranges

Vendor	Product	Version range	Fixed in
ibm	maximo_asset_management	—	—
ibm	maximo_asset_management	—	—
ibm	maximo_asset_management	—	—
ibm	maximo_asset_management_essentials	—	—
ibm	maximo_asset_management_essentials	—	—
ibm	maximo_asset_management_essentials	—	—
ibm	maximo_service_desk	—	—
ibm	tivoli_asset_management_for_it	—	—
ibm	tivoli_asset_management_for_it	—	—
ibm	tivoli_asset_management_for_it	—	—
ibm	tivoli_change_and_configuration_management_database	—	—
ibm	tivoli_change_and_configuration_management_database	—	—
ibm	tivoli_change_and_configuration_management_database	—	—
ibm	trivoli_service_request_manager	—	—
ibm	trivoli_service_request_manager	—	—