Release date:
Updated on:
Affected Systems:
IBM Tivoli Asset Management for IT 6.x
IBM Tivoli Asset Management for IT 7.x
IBM Tivoli Change and Configuration Management Database 7.x
IBM Tivoli Change and Configuration Management Database 6.x
IBM Tivoli Service Desk 6.x
IBM Tivoli Service Request Manager 7.x
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 52326
CVE ID: CVE-2011-1394, CVE-2011-1397, CVE-2011-4816, CVE-2011-4817, CVE-2012-0195
IBM Tivoli software provides products and solutions related to IT service management, asset management, storage management, security management, business application management, cloud computing, and server, network and device management.
Multiple vulnerabilities in IBM Tivoli software can be exploited by malicious users to disclose sensitive information, conduct SQL injection and cross-site scripting attacks, and cause a denial of service (DoS).
<* Source: IBM (ncsupp@ca.ibm.com)
Link: http://secunia.com/advisories/48305/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.ers.ibm.com/