XSS in Ibm Maximo_asset_management

CVE-2012-0195

Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tiv…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.005 (65.4th percentile) — read the EPSS interpretation.

Affected products

Ibm Maximo_asset_management — versions 6.2, 7.1, 7.5
Ibm Maximo_asset_management_essentials — versions 6.2, 7.1, 7.5
Ibm Maximo_service_desk — versions 6.2
Ibm Tivoli_asset_management_for_it — versions 6.2, 7.1, 7.2
Ibm Tivoli_change_and_configuration_management_database — versions 6.2, 7.1, 7.2
Ibm Trivoli_service_request_manager — versions 7.1, 7.2
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
48299 (x_refsource_SECUNIA, third-party-advisory)
IV09198 (vendor-advisory, x_refsource_AIXAPAR)
48305 (x_refsource_SECUNIA, third-party-advisory)
52333 (vdb-entry, x_refsource_BID)
mam-sclc-xss(72612) (vdb-entry, x_refsource_XF)