CVE-2011-4818

IBM Maximo Asset Management 6.2, 7.1, 7.5 Open Redirect via uisessionid

Title source: llm
STIX 2.1

Description

Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component.

References (5)

Core 5
Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IV09200
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72006
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21584666
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48299
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52333

Scores

EPSS 0.0118
EPSS Percentile 64.1%

Details

CWE
CWE-20
Status published
Products (6)
ibm/maximo_asset_management 6.2
ibm/maximo_asset_management 7.1
ibm/maximo_asset_management 7.5
ibm/maximo_asset_management_essentials 6.2
ibm/maximo_asset_management_essentials 7.1
ibm/maximo_asset_management_essentials 7.5
Published Mar 13, 2012
Tracked Since Feb 18, 2026