XSS in Ibm Maximo_asset_management
CVE-2014-3025
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartClou…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.002 (43.3th percentile) — read the EPSS interpretation.
Affected products
- Ibm Maximo_asset_management — versions 6.2, 6.2.1, 6.2.2
- Ibm Maximo_asset_management_essentials — versions 6.2.0.0, 7.1, 7.5.0.0
- Ibm Maximo_for_government — versions 7.1, 7.5.0.0, 7.5.0.1
- Ibm Maximo_for_life_sciences — versions 7.1, 7.5.0.0, 7.5.0.1
- Ibm Maximo_for_nuclear_power — versions 7.1, 7.5.0.0, 7.5.0.1
- Ibm Maximo_for_oil_and_gas — versions 7.1, 7.5.0.0, 7.5.0.1
- Ibm Maximo_for_transportation — versions 7.1, 7.5.0.0, 7.5.0.1
- Ibm Maximo_for_utilities — versions 7.1, 7.5.0.0, 7.5.0.1
- Ibm Maximo_service_desk
- Ibm Smartcloud_control_desk — versions 7.5, 7.5.0.0, 7.5.0.1
Weakness classification (CWE)
References
- psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- 59640 (x_refsource_SECUNIA, third-party-advisory)
- ibm-maximo-cve20143025-xss(93064) (vdb-entry, x_refsource_XF)
- 59570 (x_refsource_SECUNIA, third-party-advisory)
- IV57241 (vendor-advisory, x_refsource_AIXAPAR)