Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users.
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
| Link | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72000 | vdb entry |
| http://www.ibm.com/support/docview.wss?uid=swg21584666 | vendor advisory |
| http://secunia.com/advisories/48299 | third party advisory |
| http://secunia.com/advisories/48305 | third party advisory |
| http://www.securityfocus.com/bid/52333 | vdb entry |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193 | vendor advisory |