Vulnerability Details : CVE-2011-4818
Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component.
Vulnerability category: Open redirectInput validation
Exploit prediction scoring system (EPSS) score for CVE-2011-4818
Probability of exploitation activity in the next 30 days: 0.36%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 68 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-4818
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2011-4818
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4818
-
http://www.securityfocus.com/bid/52333
IBM Maximo Asset Management Multiple Security Vulnerabilities
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IV09200
IBM notice: The page you requested cannot be displayed
-
http://www.ibm.com/support/docview.wss?uid=swg21584666
IBM Security Vulnerabilities Addressed in Asset and Service MgmtVendor Advisory
-
http://secunia.com/advisories/48299
Sign in
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/72006
IBM Maximo uisessionid open redirect CVE-2011-4818 Vulnerability Report
Products affected by CVE-2011-4818
- cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*