CVE-2011-4818
IBM Maximo Asset Management 6.2, 7.1, 7.5 Open Redirect via uisessionid
Title source: llmDescription
Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component.
References (5)
Core 5
Core References
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IV09200
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72006
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21584666
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48299
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/52333
Scores
EPSS
0.0118
EPSS Percentile
64.1%
Details
CWE
CWE-20
Status
published
Products (6)
ibm/maximo_asset_management
6.2
ibm/maximo_asset_management
7.1
ibm/maximo_asset_management
7.5
ibm/maximo_asset_management_essentials
6.2
ibm/maximo_asset_management_essentials
7.1
ibm/maximo_asset_management_essentials
7.5
Published
Mar 13, 2012
Tracked Since
Feb 18, 2026