CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2011-4816
https://notcve.org/view.php?id=CVE-2011-4816
SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el componente KPI de IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5; IBM Tivoli Asset Management para IT 6.2, 7.1, y 7.2; IBM Tivoli Service Request Manager 7.1 y 7.2; IBM Maximo Service Desk 6.2; y IBM Tivoli Change y Configuration Management Database (CCMDB) 6.2, 7.1, y 7.2 permite a usuarios autenticados remotos ejecutar comandos SQL arbitrarios a través de vectores sin especificar. • http://secunia.com/advisories/48299 http://secunia.com/advisories/48305 http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194 http://www.ibm.com/support/docview.wss?uid=swg21584666 http://www.securityfocus.com/bid/52333 https://exchange.xforce.ibmcloud.com/vulnerabilities/72001 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •