XSS in Ibm Change_and_configuration_management_database
CVE-2015-4944
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFI…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.002 (37.5th percentile) — read the EPSS interpretation.
Affected products
- Ibm Change_and_configuration_management_database — versions 7.1, 7.2
- Ibm Maximo_asset_management — versions 7.1, 7.1.1, 7.1.1.1
- Ibm Maximo_asset_management_essentials — versions 7.1, 7.5
- Ibm Maximo_for_energy_optimization — versions 7.1
- Ibm Maximo_for_government — versions 7.1, 7.5.0.0, 7.5.0.1
- Ibm Maximo_for_life_sciences — versions 7.1, 7.5.0.0, 7.5.0.1
- Ibm Maximo_for_nuclear_power — versions 7.1, 7.5.0.0, 7.5.0.1
- Ibm Maximo_for_oil_and_gas — versions 7.1, 7.5.0.0, 7.5.0.1
- Ibm Maximo_for_transportation — versions 7.1, 7.5.0.0, 7.5.0.1
- Ibm Maximo_for_utilities — versions 7.1, 7.5.0.0, 7.5.0.1
Weakness classification (CWE)
References
- psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)