XSS in Ibm Maximo_asset_management
CVE-2014-0915
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartClou…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.003 (53.7th percentile) — read the EPSS interpretation.
Affected products
- Ibm Maximo_asset_management — versions 6.2, 6.2.1, 6.2.2
- Ibm Maximo_asset_management_essentials — versions 6.2.0.0, 7.1, 7.5.0.0
- Ibm Maximo_for_government — versions 7.1, 7.5.0.0, 7.5.0.1
- Ibm Maximo_for_life_sciences — versions 7.1, 7.5.0.0, 7.5.0.1
- Ibm Maximo_for_nuclear_power — versions 7.1, 7.5.0.0, 7.5.0.1
- Ibm Maximo_for_oil_and_gas — versions 7.1, 7.5.0.0, 7.5.0.1
- Ibm Maximo_for_transportation — versions 7.1, 7.5.0.0, 7.5.0.1
- Ibm Maximo_for_utilities — versions 7.1, 7.5.0.0, 7.5.0.1
- Ibm Maximo_service_desk
- Ibm Smartcloud_control_desk — versions 7.5, 7.5.0.0, 7.5.0.1
Weakness classification (CWE)
References
- psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- 59640 (x_refsource_SECUNIA, third-party-advisory)
- IV56680 (vendor-advisory, x_refsource_AIXAPAR)
- 20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915) (mailing-list, x_refsource_BUGTRAQ)
- 59570 (x_refsource_SECUNIA, third-party-advisory)
- ibm-maximo-cve20140915-xss(91884) (vdb-entry, x_refsource_XF)