XSS in Ibm Change_and_configuration_management_database

CVE-2014-0824

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Des…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (36.8th percentile) — read the EPSS interpretation.

Affected products

Ibm Change_and_configuration_management_database — versions 7.0, 7.1, 7.1.1.7
Ibm Maximo_asset_management — versions 7.1, 7.1.1, 7.1.1.1
Ibm Maximo_service_desk — versions 7.1.1.7, 7.1.1.8, 7.1.1.12
Ibm Tivoli_it_asset_management_for_it — versions 7.1.1.7, 7.1.1.8, 7.1.1.12
Ibm Tivoli_service_request_manager — versions 7.0, 7.1.0, 7.1.1
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

IV52829 (vendor-advisory, x_refsource_AIXAPAR)
psirt@us.ibm.com (x_refsource_CONFIRM)
ibm-maximo-cve20140824-xss(90500) (vdb-entry, x_refsource_XF)