CVE-2011-4818 — Improper Input Validation in IBM Maximo Asset Management

CWE-20 — Improper Input Validation4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 44.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Maximo Asset Management IBM Maximo Asset Management Essentials

Timeline

PublishedMar 13

Latest updateMay 14

Description

Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDibm/maximo_asset_management_essentials6.2, 7.1, 7.5+2

▶NVDibm/maximo_asset_management6.2, 7.1, 7.5+2

🔴Vulnerability Details

GHSA

GHSA-67r4-4qh9-q72f: Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6↗2022-05-14

▶

CVEList

CVE-2011-4818: Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6↗2012-03-13

▶

💥Exploits & PoCs

Exploit-DB

PHP < 5.3.6 'OpenSSL' Extension - 'openssl_decrypt' Ciphertext Data Memory Leak Denial of Service↗2011-03-08

▶