IT Service Management
Security Bulletin: Multiple Security Vulnerabilities Addressed in Maximo Asset and Service Management Products
February 14, 2012
Multiple security vulnerabilities have been addressed in Maximo Asset Management, Tivoli Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database. These vulnerabilities include cross-site scripting, cross-site request forgery, SQL injection, information disclosure, and denial of service (DoS) issues.
CVE(s): CVE-2011-1394, CVE-2011-1395, CVE-2011-1396, CVE-2011-1397, CVE-2011-4816, CVE-2011-4817, CVE-2011-4818, CVE-2011-4819, CVE-2012-0195
Affected product(s): IBM ...
Security Bulletin: Potential Security Vulnerability in WebSphere Application Server affecting Maximo Asset and Service Management Products (CVE-2012-0193)
February 3, 2012
IBM Maximo Asset and Service Management products, when using WebSphere Application Server, are susceptible to a denial of service attack caused by the Java HashTable implementation vulnerability.
CVE(s): CVE-2012-0193
Affected product(s): IBM Maximo Asset Management
Affected version(s): 6.1, 6.2, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 7.1, 7.1.1, 7.1.2, 7.2, 7.2.1, 7.5
For additional affected ...
Security Bulletin: IBM Tivoli Federated Identity Manager SAML (Security Assertion Markup Language) non-conformance vulnerability (CVE-2011-1386)
December 14, 2011
Under specific scenarios, versions 6.1.1, 6.2.0 and 6.2.1 of Tivoli Federated Identity Manager can interpret non-conforming SAML (Security Assertion Markup Language) signature validations as valid.
CVE(s): CVE-2011-1386
Affected product(s): IBM Tivoli Federated Identity Manager
Affected version(s): 6.1.1, 6.2.0, 6.2.1
For full details, refer to: http://www-01.ibm.com/support/docview.wss?uid=swg21575309 ...
Security Update: IBM Tivoli Netcool/Reporter Apache CGI generic command execution vulnerability (CVE-2011-4668)
December 7, 2011
A vulnerability in an IBM Tivoli Netcool/Reporter Apache CGI could allow a remote attacker to execute arbitrary commands on the remote Web server.
CVE(s): CVE-2011-4668
Affected product(s): IBM Tivoli Netcool/Reporter
Affected version(s): 2.2.0
For full details and fix information, refer to: http://www-01.ibm.com/support/docview.wss?uid=swg24031456 (IZ94277-813) https://exchange.xforce.ibmcloud.com/vulnerabilities/71663 ...