Vulnerabilities related to ibm - maximo_service_desk
CVE-2013-6741 (GCVE-0-2013-6741)
Vulnerability from cvelistv5
Published
2014-05-26 16:00
Modified
2024-08-06 17:46
CWE
- n/a
Summary
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:46:22.940Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20136741-info-disc(89857)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89857" }, { "name": "IV50316", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20136741-info-disc(89857)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89857" }, { "name": "IV50316", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-6741", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20136741-info-disc(89857)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89857" }, { "name": "IV50316", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-6741", "datePublished": "2014-05-26T16:00:00", "dateReserved": "2013-11-08T00:00:00", "dateUpdated": "2024-08-06T17:46:22.940Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0915 (GCVE-0-2014-0915)
Vulnerability from cvelistv5
Published
2014-07-30 10:00
Modified
2024-08-06 09:27
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:27:20.309Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894" }, { "name": "59640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59640" }, { "name": "IV56680", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680" }, { "name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded" }, { "name": "59570", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59570" }, { "name": "ibm-maximo-cve20140915-xss(91884)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-07-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894" }, { "name": "59640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59640" }, { "name": "IV56680", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680" }, { "name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded" }, { "name": "59570", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59570" }, { "name": "ibm-maximo-cve20140915-xss(91884)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-0915", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and 
certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894" }, { "name": "59640", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59640" }, { "name": "IV56680", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680" }, { "name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded" }, { "name": "59570", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59570" }, { "name": "ibm-maximo-cve20140915-xss(91884)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-0915", "datePublished": "2014-07-30T10:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2024-08-06T09:27:20.309Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3326 (GCVE-0-2012-3326)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 20:05
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:05:10.852Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-xss-iv20344(77960)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77960" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "IV20344", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20344" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-xss-iv20344(77960)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77960" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "IV20344", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20344" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-3326", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "50551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-xss-iv20344(77960)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77960" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "IV20344", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20344" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-3326", "datePublished": "2012-09-10T17:00:00", "dateReserved": "2012-06-07T00:00:00", "dateUpdated": "2024-08-06T20:05:10.852Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0825 (GCVE-0-2014-0825)
Vulnerability from cvelistv5
Published
2014-05-26 16:00
Modified
2024-08-06 09:27
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:27:20.067Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20140825-xss(90501)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90501" }, { "name": "IV53362", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20140825-xss(90501)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90501" }, { "name": "IV53362", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-0825", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20140825-xss(90501)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90501" }, { "name": "IV53362", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-0825", "datePublished": "2014-05-26T16:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2024-08-06T09:27:20.067Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0728 (GCVE-0-2012-0728)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 18:38
CWE
- n/a
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:38:13.881Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-maximo-sql-injection-iv17964(74307)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74307" }, { "name": "IV17964", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17964" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50551" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-maximo-sql-injection-iv17964(74307)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74307" }, { "name": "IV17964", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17964" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50551" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0728", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-maximo-sql-injection-iv17964(74307)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74307" }, { "name": "IV17964", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17964" }, { "name": "50551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50551" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0728", "datePublished": "2012-09-10T17:00:00", "dateReserved": "2012-01-17T00:00:00", "dateUpdated": "2024-08-06T18:38:13.881Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3316 (GCVE-0-2012-3316)
Vulnerability from cvelistv5
Published
2013-02-20 11:00
Modified
2024-08-06 19:57
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:57:50.512Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mam-tpae-xss(77813)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77813" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "IV24609", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "mam-tpae-xss(77813)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77813" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "IV24609", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-3316", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "mam-tpae-xss(77813)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77813" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "IV24609", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-3316", "datePublished": "2013-02-20T11:00:00", "dateReserved": "2012-06-07T00:00:00", "dateUpdated": "2024-08-06T19:57:50.512Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3313 (GCVE-0-2012-3313)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 19:57
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:57:50.514Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV15530", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV15530" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-xss-iv15530(77787)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77787" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV15530", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV15530" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-xss-iv15530(77787)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77787" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-3313", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV15530", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV15530" }, { "name": "50551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-xss-iv15530(77787)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77787" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-3313", "datePublished": "2012-09-10T17:00:00", "dateReserved": "2012-06-07T00:00:00", "dateUpdated": "2024-08-06T19:57:50.514Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3025 (GCVE-0-2014-3025)
Vulnerability from cvelistv5
Published
2014-07-30 10:00
Modified
2024-08-06 10:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:28:46.365Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754" }, { "name": "59640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59640" }, { "name": "ibm-maximo-cve20143025-xss(93064)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064" }, { "name": "59570", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59570" }, { "name": "IV57241", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-07-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754" }, { "name": "59640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59640" }, { "name": "ibm-maximo-cve20143025-xss(93064)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064" }, { "name": "59570", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59570" }, { "name": "IV57241", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-3025", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754" }, { "name": "59640", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59640" }, { "name": "ibm-maximo-cve20143025-xss(93064)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064" }, { "name": "59570", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59570" }, { "name": "IV57241", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-3025", "datePublished": "2014-07-30T10:00:00", "dateReserved": "2014-04-29T00:00:00", "dateUpdated": "2024-08-06T10:28:46.365Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0746 (GCVE-0-2012-0746)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 18:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:38:14.219Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV17961", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17961" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50551" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "ibm-maximo-xss-iv17961(74726)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74726" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV17961", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17961" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50551" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "ibm-maximo-xss-iv17961(74726)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74726" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0746", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV17961", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17961" }, { "name": "50551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50551" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "ibm-maximo-xss-iv17961(74726)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74726" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0746", "datePublished": "2012-09-10T17:00:00", "dateReserved": "2012-01-17T00:00:00", "dateUpdated": "2024-08-06T18:38:14.219Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-5465 (GCVE-0-2013-5465)
Vulnerability from cvelistv5
Published
2014-05-26 16:00
Modified
2024-08-06 17:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:15:20.356Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV46511", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20135465-file-types(88364)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88364" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV46511", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20135465-file-types(88364)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88364" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-5465", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV46511", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20135465-file-types(88364)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88364" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-5465", "datePublished": "2014-05-26T16:00:00", "dateReserved": "2013-08-22T00:00:00", "dateUpdated": "2024-08-06T17:15:20.356Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1394 (GCVE-0-2011-1394)
Vulnerability from cvelistv5
Published
2012-03-13 01:00
Modified
2024-08-06 22:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:28:40.315Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48299" }, { "name": "maximo-uisession-dos(71985)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71985" }, { "name": "48305", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48305" }, { "name": "IV09157", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52333" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-09T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48299" }, { "name": "maximo-uisession-dos(71985)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71985" }, { "name": "48305", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48305" }, { "name": "IV09157", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52333" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1394", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48299" }, { "name": "maximo-uisession-dos(71985)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71985" }, { "name": "48305", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48305" }, { "name": "IV09157", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157" }, { "name": "52333", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52333" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1394", "datePublished": "2012-03-13T01:00:00", "dateReserved": "2011-03-10T00:00:00", "dateUpdated": "2024-08-06T22:28:40.315Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-3323 (GCVE-0-2013-3323)
Vulnerability from cvelistv5
Published
2020-02-18 16:03
Modified
2024-08-06 16:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:07:37.047Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/bid/62685" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/235239" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-18T16:03:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/bid/62685" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/235239" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3323", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.securityfocus.com/bid/62685", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/62685" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240" }, { "name": "https://www.ibm.com/support/pages/node/235239", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/pages/node/235239" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3323", "datePublished": "2020-02-18T16:03:12", "dateReserved": "2013-05-06T00:00:00", "dateUpdated": "2024-08-06T16:07:37.047Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0824 (GCVE-0-2014-0824)
Vulnerability from cvelistv5
Published
2014-05-26 16:00
Modified
2024-08-06 09:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:27:20.078Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV52829", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV52829" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20140824-xss(90500)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90500" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV52829", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV52829" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20140824-xss(90500)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90500" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-0824", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV52829", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV52829" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20140824-xss(90500)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90500" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-0824", "datePublished": "2014-05-26T16:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2024-08-06T09:27:20.078Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-6355 (GCVE-0-2012-6355)
Vulnerability from cvelistv5
Published
2013-02-20 11:00
Modified
2024-08-06 21:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.432Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "mam-work-order-priv-esc(80747)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80747" }, { "name": "IV30384", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "mam-work-order-priv-esc(80747)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80747" }, { "name": "IV30384", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-6355", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "mam-work-order-priv-esc(80747)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80747" }, { "name": "IV30384", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-6355", "datePublished": "2013-02-20T11:00:00", "dateReserved": "2012-12-16T00:00:00", "dateUpdated": "2024-08-06T21:28:39.432Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0195 (GCVE-0-2012-0195)
Vulnerability from cvelistv5
Published
2012-03-13 01:00
Modified
2024-08-06 18:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:16:19.457Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48299" }, { "name": "IV09198", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198" }, { "name": "48305", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48305" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52333" }, { "name": "mam-sclc-xss(72612)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72612" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-09T17:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48299" }, { "name": "IV09198", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198" }, { "name": "48305", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48305" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52333" }, { "name": "mam-sclc-xss(72612)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72612" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0195", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48299" }, { "name": "IV09198", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198" }, { "name": "48305", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48305" }, { "name": "52333", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52333" }, { "name": "mam-sclc-xss(72612)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72612" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0195", "datePublished": "2012-03-13T01:00:00", "dateReserved": "2011-12-14T00:00:00", "dateUpdated": "2024-08-06T18:16:19.457Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0914 (GCVE-0-2014-0914)
Vulnerability from cvelistv5
Published
2014-07-30 10:00
Modified
2024-08-06 09:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:27:20.253Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "68839", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/68839" }, { "name": "59640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59640" }, { "name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885" }, { "name": "IV56679", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679" }, { "name": "59570", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59570" }, { "name": "ibm-maximo-cve20140914-xss(91883)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-07-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "68839", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/68839" }, { "name": "59640", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59640" }, { "name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885" }, { "name": "IV56679", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679" }, { "name": "59570", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59570" }, { "name": "ibm-maximo-cve20140914-xss(91883)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-0914", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "68839", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68839" }, { "name": "59640", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59640" }, { "name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885" }, { "name": "IV56679", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679" }, { "name": "59570", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59570" }, { "name": "ibm-maximo-cve20140914-xss(91883)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-0914", "datePublished": "2014-07-30T10:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2024-08-06T09:27:20.253Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0747 (GCVE-0-2012-0747)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 18:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:38:13.981Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "85186", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/85186" }, { "name": "IV16032", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16032" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50551" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "ibm-maximo-sql-injection-iv16032(74731)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74731" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "85186", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/85186" }, { "name": "IV16032", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16032" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50551" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "ibm-maximo-sql-injection-iv16032(74731)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74731" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0747", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "85186", "refsource": "OSVDB", "url": "http://osvdb.org/85186" }, { "name": "IV16032", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16032" }, { "name": "50551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50551" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "ibm-maximo-sql-injection-iv16032(74731)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74731" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0747", "datePublished": "2012-09-10T17:00:00", "dateReserved": "2012-01-17T00:00:00", "dateUpdated": "2024-08-06T18:38:13.981Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1397 (GCVE-0-2011-1397)
Vulnerability from cvelistv5
Published
2012-03-13 01:00
Modified
2024-08-06 22:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:28:40.297Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "maximo-laborreporting-csrf(72000)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72000" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48299" }, { "name": "48305", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48305" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52333" }, { "name": "IV09193", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-09T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "maximo-laborreporting-csrf(72000)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72000" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48299" }, { "name": "48305", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48305" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52333" }, { "name": "IV09193", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1397", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "maximo-laborreporting-csrf(72000)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72000" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48299" }, { "name": "48305", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48305" }, { "name": "52333", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52333" }, { "name": "IV09193", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1397", "datePublished": "2012-03-13T01:00:00", "dateReserved": "2011-03-10T00:00:00", "dateUpdated": "2024-08-06T22:28:40.297Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2184 (GCVE-0-2012-2184)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 19:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:08.625Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-maximo-session-fixation-iv19887(75780)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75780" }, { "name": "IV19887", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV19887" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50551" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-maximo-session-fixation-iv19887(75780)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75780" }, { "name": "IV19887", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV19887" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50551" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2184", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-maximo-session-fixation-iv19887(75780)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75780" }, { "name": "IV19887", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV19887" }, { "name": "50551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50551" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2184", "datePublished": "2012-09-10T17:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:08.625Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0714 (GCVE-0-2012-0714)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 18:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:30:54.163Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "85179", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/85179" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-csrf(73534)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73534" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "IV16085", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16085" }, { "name": "IV16497", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16497" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "85179", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/85179" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-csrf(73534)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73534" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "IV16085", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16085" }, { "name": "IV16497", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16497" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0714", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "85179", "refsource": "OSVDB", "url": "http://osvdb.org/85179" }, { "name": "50551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-csrf(73534)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73534" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "IV16085", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16085" }, { "name": "IV16497", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16497" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0714", "datePublished": "2012-09-10T17:00:00", "dateReserved": "2012-01-17T00:00:00", "dateUpdated": "2024-08-06T18:30:54.163Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0727 (GCVE-0-2012-0727)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 18:38
CWE
- n/a
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:38:13.436Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV17963", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17963" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-sql-injection-iv17963(74306)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74306" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV17963", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17963" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-sql-injection-iv17963(74306)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74306" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0727", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV17963", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17963" }, { "name": "50551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-sql-injection-iv17963(74306)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74306" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0727", "datePublished": "2012-09-10T17:00:00", "dateReserved": "2012-01-17T00:00:00", "dateUpdated": "2024-08-06T18:38:13.436Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4817 (GCVE-0-2011-4817)
Vulnerability from cvelistv5
Published
2012-03-13 01:00
Modified
2024-08-07 00:16
CWE
- n/a
Summary
The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:16:34.971Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "maximo-helpmenu-info-disclosure(72004)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72004" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48299" }, { "name": "48305", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48305" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52333" }, { "name": "IV09197", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-09T17:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "maximo-helpmenu-info-disclosure(72004)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72004" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48299" }, { "name": "48305", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48305" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52333" }, { "name": "IV09197", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2011-4817", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "maximo-helpmenu-info-disclosure(72004)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72004" }, { "name": "48299", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48299" }, { "name": "48305", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48305" }, { "name": "52333", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52333" }, { "name": "IV09197", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2011-4817", "datePublished": "2012-03-13T01:00:00", "dateReserved": "2011-12-14T00:00:00", "dateUpdated": "2024-08-07T00:16:34.971Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3327 (GCVE-0-2012-3327)
Vulnerability from cvelistv5
Published
2013-02-20 11:00
Modified
2024-08-06 20:05
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:05:10.857Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "mam-login-xss(78039)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78039" }, { "name": "IV22698", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "mam-login-xss(78039)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78039" }, { "name": "IV22698", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-3327", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "mam-login-xss(78039)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78039" }, { "name": "IV22698", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-3327", "datePublished": "2013-02-20T11:00:00", "dateReserved": "2012-06-07T00:00:00", "dateUpdated": "2024-08-06T20:05:10.857Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4816 (GCVE-0-2011-4816)
Vulnerability from cvelistv5
Published
2012-03-13 01:00
Modified
2024-08-07 00:16
CWE
- n/a
Summary
SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:16:35.026Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "maximo-kpi-sql-injection(72001)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72001" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48299" }, { "name": "48305", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48305" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52333" }, { "name": "IV09194", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-09T17:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "maximo-kpi-sql-injection(72001)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72001" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48299" }, { "name": "48305", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48305" }, { "name": "52333", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52333" }, { "name": "IV09194", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2011-4816", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "maximo-kpi-sql-injection(72001)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72001" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "name": "48299", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48299" }, { "name": "48305", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48305" }, { "name": "52333", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52333" }, { "name": "IV09194", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2011-4816", "datePublished": "2012-03-13T01:00:00", "dateReserved": "2011-12-14T00:00:00", "dateUpdated": "2024-08-07T00:16:35.026Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2183 (GCVE-0-2012-2183)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 19:26
CWE
- n/a
Summary
Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:08.587Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ibm-maximo-session-fixation-iv09212(75776)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75776" }, { "name": "IV09212", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09212" }, { "name": "85185", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/85185" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50551" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "ibm-maximo-session-fixation-iv09212(75776)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75776" }, { "name": "IV09212", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09212" }, { "name": "85185", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/85185" }, { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50551" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2183", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ibm-maximo-session-fixation-iv09212(75776)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75776" }, { "name": "IV09212", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09212" }, { "name": "85185", "refsource": "OSVDB", "url": "http://osvdb.org/85185" }, { "name": "50551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50551" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2183", "datePublished": "2012-09-10T17:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:08.587Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4016 (GCVE-0-2013-4016)
Vulnerability from cvelistv5
Published
2014-05-26 16:00
Modified
2024-08-06 16:30
CWE
- n/a
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:30:49.379Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20134016-sqli(85793)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793" }, { "name": "IV41871", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20134016-sqli(85793)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793" }, { "name": "IV41871", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-4016", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "name": "ibm-maximo-cve20134016-sqli(85793)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793" }, { "name": "IV41871", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-4016", "datePublished": "2014-05-26T16:00:00", "dateReserved": "2013-06-07T00:00:00", "dateUpdated": "2024-08-06T16:30:49.379Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3322 (GCVE-0-2012-3322)
Vulnerability from cvelistv5
Published
2013-02-20 11:00
Modified
2024-08-06 20:05
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:05:10.813Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV23838", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "mam-displayname-xss(77918)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77918" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV23838", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "mam-displayname-xss(77918)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77918" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-3322", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV23838", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "name": "mam-displayname-xss(77918)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77918" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-3322", "datePublished": "2013-02-20T11:00:00", "dateReserved": "2012-06-07T00:00:00", "dateUpdated": "2024-08-06T20:05:10.813Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2185 (GCVE-0-2012-2185)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 19:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:08.943Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-info-disclosure(75784)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75784" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "85183", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/85183" }, { "name": "IV17942", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17942" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "50551", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-info-disclosure(75784)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75784" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "85183", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/85183" }, { "name": "IV17942", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17942" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2185", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "50551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50551" }, { "name": "ibm-maximo-info-disclosure(75784)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75784" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "name": "85183", "refsource": "OSVDB", "url": "http://osvdb.org/85183" }, { "name": "IV17942", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17942" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2185", "datePublished": "2012-09-10T17:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:08.943Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0728
Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 6.5, AV:N/AC:L/Au:S/C:P/I:P/A:P; source nvd@nist.gov)
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 6.0 | |
ibm | change_and_configuration_management_database | 7.0 | |
ibm | maximo_asset_management | 7.1.0.0 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_service_desk | 6.2 | |
ibm | smartcloud_control_desk | 7.0 | |
ibm | tivoli_asset_management_for_it | 6.0 | |
ibm | tivoli_asset_management_for_it | 6.2 | |
ibm | tivoli_asset_management_for_it | 7.0 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0265899D-68B5-4C15-997E-28F485D8B9D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true } ], "negate": 
false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Maximo Asset Management 7.1 a 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Gesti\u00f3n de Activos de TI de Tivoli, Tivoli Service Request, M\u00e1ximo Service Desk, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2012-0728", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-10T17:55:01.147", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17964" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "psirt@us.ibm.com", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/74307" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17964" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74307" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2012-0195
Vulnerability from fkie_nvd
Published
2012-03-13 03:12
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N; source nvd@nist.gov)
Summary
Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "5878EF6C-4C54-4BFB-A58A-DBBB96664E8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"68FF0043-7A28-4ECB-9888-6FB057A766B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "33DD3C44-B7B9-4FFF-8445-7C2C084F7DCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D4D3BE7-A7F0-431D-BB07-28DC94E8590F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "1A53DB8A-5966-4D70-A254-C098DB12B0B3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) el componente \"Start Center Layout and Configuration\" de IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, t 7.5; IBM Tivoli Asset Management para IT 6.2, 7.1, y 7.2; IBM Tivoli Service Request Manager 7.1 y 7.2; IBM Maximo Service Desk 6.2; y IBM Tivoli Change y Configuration Management Database (CCMDB) 6.2, 7.1, y 7.2. 
Permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del \"display name\"." } ], "id": "CVE-2012-0195", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-03-13T03:12:26.197", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/48299" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/48305" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72612" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48305" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52333" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72612" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2012-3326
Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N; source nvd@nist.gov)
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 6.0 | |
ibm | change_and_configuration_management_database | 7.0 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_service_desk | 6.2 | |
ibm | smartcloud_control_desk | 7.0 | |
ibm | tivoli_asset_management_for_it | 6.0 | |
ibm | tivoli_asset_management_for_it | 6.2 | |
ibm | tivoli_asset_management_for_it | 7.0 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset 
Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Tivoli Asset Management for IT, Tivoli Service Request, Informaci\u00f3n Maximo Service, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2012-3326", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-09-10T17:55:01.537", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20344" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77960" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/50551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20344" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77960" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2012-2184
Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P; source nvd@nist.gov)
Summary
Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 6.0 | |
ibm | change_and_configuration_management_database | 7.0 | |
ibm | maximo_asset_management | 7.1.0.0 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_service_desk | 6.2 | |
ibm | smartcloud_control_desk | 7.0 | |
ibm | tivoli_asset_management_for_it | 6.0 | |
ibm | tivoli_asset_management_for_it | 6.2 | |
ibm | tivoli_asset_management_for_it | 7.0 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0265899D-68B5-4C15-997E-28F485D8B9D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true } ], "negate": 
false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en IBM Maximo Asset Management 7.1 a 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Gesti\u00f3n de Activos de TI de Tivoli, Tivoli Service Request, Informaci\u00f3n Maximo Service, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a atacantes remotos secuestrar sesiones web a trav\u00e9s de vectores no especificados." } ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/384.html \u0027CWE-384: Session Fixation\u0027", "id": "CVE-2012-2184", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-09-10T17:55:01.413", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV19887" }, { "source": "psirt@us.ibm.com", "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV19887" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75780" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-07-30 11:15
Modified
2025-04-12 10:46
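Severity: LOW, CVSS v2 base score 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N). This is the NVD primary score from the CVE-2014-0914 record below, which carries only a CVSS v2 metric.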
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:*:*:*:*:*:*:*:*", "matchCriteriaId": "71F456DA-8995-43E2-91A0-B20B070F26A0", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:*:*:*:*:*:*:*:*", "matchCriteriaId": "106F6572-D362-4040-A878-67B2ACCEA161", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:*:*:*:*:*:*:*:*", "matchCriteriaId": "084AF336-B44B-4B4C-86AB-82197C9410D1", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF5E8225-885D-4FB8-9706-97D559DDF4CF", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:*:*:*:*:*:*:*:*", "matchCriteriaId": "271DF14A-0466-4ACF-B4CE-A5AAC7E0F9A5", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F350C06-CF48-43FE-BDB3-1F1E31332E25", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A202F4B-6814-4F85-837C-1655D316ADC0", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:*:*:*:*:*:*:*:*", "matchCriteriaId": "882C1071-A3C3-4CD6-905B-9D8E32A37120", "versionEndIncluding": "6.2.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEA6D104-64DA-47CE-A0CB-589C93A0B3DC", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A204032-17C7-4617-AB29-589903A2B9C3", "versionEndIncluding": "6.2.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field." }, { "lang": "es", "value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 6.2 hasta 6.2.8 y 6.x y 7.x hasta 7.5.0.6, Maximo Asset Management 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk y Maximo Asset Management 6.2 hasta 6.2.8 para Tivoli IT Asset Management for IT y Maximo Service Desk permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del campo Query Description." 
} ], "id": "CVE-2014-0914", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-07-30T11:15:33.177", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/59570" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/59640" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/68839" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59570" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/archive/1/533110/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/68839" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
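Severity: MEDIUM, CVSS v2 base score 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P). This is the NVD primary score from the CVE-2012-0747 record below, which carries only a CVSS v2 metric.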
Summary
SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 6.0 | |
ibm | change_and_configuration_management_database | 7.0 | |
ibm | maximo_asset_management | 6.2.0.0 | |
ibm | maximo_asset_management | 7.1.0.0 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_service_desk | 6.2 | |
ibm | smartcloud_control_desk | 7.0 | |
ibm | tivoli_asset_management_for_it | 6.0 | |
ibm | tivoli_asset_management_for_it | 6.2 | |
ibm | tivoli_asset_management_for_it | 7.0 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "789E00F7-D6CD-4F8C-B785-CB17DB11AEDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0265899D-68B5-4C15-997E-28F485D8B9D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Maximo Asset Management 6.2 a 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Gesti\u00f3n de Activos de TI de Tivoli, Tivoli Service Request, M\u00e1ximo Service Desk, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2012-0747", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-10T17:55:01.320", "references": [ { "source": "psirt@us.ibm.com", "url": "http://osvdb.org/85186" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16032" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74731" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/85186" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16032" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74731" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
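Severity: MEDIUM, CVSS v2 base score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P). This is the NVD primary score from the CVE-2012-2183 record below, which carries only a CVSS v2 metric.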
Summary
Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 6.0 | |
ibm | change_and_configuration_management_database | 7.0 | |
ibm | maximo_asset_management | 6.2.0.0 | |
ibm | maximo_asset_management | 7.1.0.0 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_service_desk | 6.2 | |
ibm | smartcloud_control_desk | 7.0 | |
ibm | tivoli_asset_management_for_it | 6.0 | |
ibm | tivoli_asset_management_for_it | 6.2 | |
ibm | tivoli_asset_management_for_it | 7.0 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "789E00F7-D6CD-4F8C-B785-CB17DB11AEDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0265899D-68B5-4C15-997E-28F485D8B9D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en IBM Maximo Asset Management 6.2 a 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Gesti\u00f3n de Activos de TI de Tivoli, Tivoli Service Request, Informaci\u00f3n Maximo Service, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a atacantes remotos secuestrar sesiones web a trav\u00e9s de vectores no especificados." 
} ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/384.html\r\n\r\n\u0027CWE-384: Session Fixation\u0027", "id": "CVE-2012-2183", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-09-10T17:55:01.367", "references": [ { "source": "psirt@us.ibm.com", "url": "http://osvdb.org/85185" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09212" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75776" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/85185" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75776" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2014-0825
Vulnerability from fkie_nvd
Published
2014-05-26 16:55
Modified
2025-04-12 10:46
Severity
LOW (CVSS v2.0 base score 3.5, vector AV:N/AC:M/Au:S/C:N/I:P/A:N; source nvd@nist.gov)
Summary
Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "9C548662-04F7-49DD-B4B4-8C6DDA5DF7AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "2E15FC98-D8AB-4D9C-9842-85138A2FECF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "250FC595-3DB0-4860-9FF1-AC0215A9D3C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "805706EB-A82E-465D-BB3F-33AD6415FB89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "186498FC-A8BD-4EA3-96C7-1A21983BB2BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "396F80FF-BD2E-46A4-8A44-21CC35F42E12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "69534F90-265A-4313-951D-D0A52AEF9C1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "67A0292F-FDFE-42A6-92FC-F26596C4D23C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "E8D102E6-18FF-4BC7-83BC-77946101864C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1227364D-5BF3-4F7D-A4BA-22DE823A5C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "8506BB5F-F390-4981-A5D5-FAEF9F410172", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "63EA5235-E946-487D-A875-537B87B2638E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "0CC0184C-0593-4C37-AC63-5B09FD21B3B1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": 
"8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter." 
}, { "lang": "es", "value": "Vulnerabilidad de XSS en openreport.jsp en IBM Maximo Asset Management 7.x anterior a 7.1.1.12 IFIX.20140321-1336 y 7.5.x anterior a 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 y Tivoli IT Asset Management For IT, Tivoli Service Request Manager, Maximo Service Desk y Change And Configuration Management Database (CCMDB) 7.x anterior a 7.1.1.12 IFIX.20140218-1510 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un par\u00e1metro report manipulado." } ], "id": "CVE-2014-0825", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-05-26T16:55:03.130", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/90501" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2012-0714
Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity
MEDIUM (CVSS v2.0 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P; source nvd@nist.gov)
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 6.0 | |
ibm | change_and_configuration_management_database | 7.0 | |
ibm | maximo_asset_management | 6.2.0.0 | |
ibm | maximo_asset_management | 7.1.0.0 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_service_desk | 6.2 | |
ibm | smartcloud_control_desk | 7.0 | |
ibm | tivoli_asset_management_for_it | 6.0 | |
ibm | tivoli_asset_management_for_it | 6.2 | |
ibm | tivoli_asset_management_for_it | 7.0 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "789E00F7-D6CD-4F8C-B785-CB17DB11AEDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0265899D-68B5-4C15-997E-28F485D8B9D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." }, { "lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de peticiones en sitios cruzados (CSRF) en IBM Maximo Asset Management 6.2 a 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Gesti\u00f3n de Activos de TI de Tivoli, Tivoli Service Request, Informaci\u00f3n Maximo Service, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a atacantes remotos secuestrar la autenticaci\u00f3n de las v\u00edctimas a trav\u00e9s de vectores no especificados desconocidos." 
} ], "id": "CVE-2012-0714", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-09-10T17:55:00.977", "references": [ { "source": "psirt@us.ibm.com", "url": "http://osvdb.org/85179" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16085" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16497" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73534" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/85179" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16497" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/73534" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2012-0746
Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity
LOW (CVSS v2.0 base score 3.5, vector AV:N/AC:M/Au:S/C:N/I:P/A:N; source nvd@nist.gov)
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 6.0 | |
ibm | change_and_configuration_management_database | 7.0 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_service_desk | 6.2 | |
ibm | smartcloud_control_desk | 7.0 | |
ibm | tivoli_asset_management_for_it | 6.0 | |
ibm | tivoli_asset_management_for_it | 6.2 | |
ibm | tivoli_asset_management_for_it | 7.0 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset 
Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Tivoli Asset Management for IT, Tivoli Service Request, Informaci\u00f3n Maximo Service, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite remoto autenticado usuarios de inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2012-0746", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-09-10T17:55:01.273", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17961" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74726" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" 
], "url": "http://secunia.com/advisories/50551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17961" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74726" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2014-0824
Vulnerability from fkie_nvd
Published
2014-05-26 16:55
Modified
2025-04-12 10:46
Severity
LOW (CVSS v2.0 base score 3.5, vector AV:N/AC:M/Au:S/C:N/I:P/A:N; source nvd@nist.gov)
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "9C548662-04F7-49DD-B4B4-8C6DDA5DF7AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "F43D0468-F9D7-40E5-A565-3EAA7FFEC10D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "250FC595-3DB0-4860-9FF1-AC0215A9D3C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "805706EB-A82E-465D-BB3F-33AD6415FB89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE55FC-2179-48D6-89B3-72783B313D66", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "396F80FF-BD2E-46A4-8A44-21CC35F42E12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "69534F90-265A-4313-951D-D0A52AEF9C1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "2E6C4892-87F1-4067-9624-3E1931C5EE86", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "E8D102E6-18FF-4BC7-83BC-77946101864C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1227364D-5BF3-4F7D-A4BA-22DE823A5C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "8506BB5F-F390-4981-A5D5-FAEF9F410172", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "A006BC3C-BD49-4D46-833E-BFE1ED3D0E24", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "0CC0184C-0593-4C37-AC63-5B09FD21B3B1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", 
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL." }, { "lang": "es", "value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 7.x anterior a 7.1.1.8 LAFIX.20140319-0839 y 7.1.1.12 anterior a IFIX.20140321-1336 y Tivoli IT Asset Management For IT, Tivoli Service Request Manager, Maximo Service Desk y Change And Configuration Management Database (CCMDB) 7.x anterior a 7.1.1.8 LAFIX.20140319-0839 y 7.1.1.12 anterior a IFIX.20140218-1510 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL adjunta." 
} ], "id": "CVE-2014-0824", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-05-26T16:55:03.067", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV52829" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90500" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV52829" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90500" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2012-3313
Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity
MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N; source nvd@nist.gov)
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 6.0 | |
ibm | change_and_configuration_management_database | 7.0 | |
ibm | maximo_asset_management | 6.2.0.0 | |
ibm | maximo_asset_management | 7.1.0.0 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_service_desk | 6.2 | |
ibm | smartcloud_control_desk | 7.0 | |
ibm | tivoli_asset_management_for_it | 6.0 | |
ibm | tivoli_asset_management_for_it | 6.2 | |
ibm | tivoli_asset_management_for_it | 7.0 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "789E00F7-D6CD-4F8C-B785-CB17DB11AEDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0265899D-68B5-4C15-997E-28F485D8B9D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management 6.2 a 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Tivoli Asset Management for IT, Tivoli Service Request, Informaci\u00f3n Maximo Service, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2012-3313", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-09-10T17:55:01.507", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV15530" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77787" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV15530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77787" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2014-3025)
Published
2014-07-30 11:15
Modified
2025-04-12 10:46
Severity: LOW (CVSS v2 base score 3.5, vector AV:N/AC:M/Au:S/C:N/I:P/A:N)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:*:*:*:*:*:*:*:*", "matchCriteriaId": "71F456DA-8995-43E2-91A0-B20B070F26A0", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:*:*:*:*:*:*:*:*", "matchCriteriaId": "106F6572-D362-4040-A878-67B2ACCEA161", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:*:*:*:*:*:*:*:*", "matchCriteriaId": "084AF336-B44B-4B4C-86AB-82197C9410D1", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF5E8225-885D-4FB8-9706-97D559DDF4CF", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:*:*:*:*:*:*:*:*", "matchCriteriaId": "271DF14A-0466-4ACF-B4CE-A5AAC7E0F9A5", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F350C06-CF48-43FE-BDB3-1F1E31332E25", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A202F4B-6814-4F85-837C-1655D316ADC0", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:*:*:*:*:*:*:*:*", "matchCriteriaId": "882C1071-A3C3-4CD6-905B-9D8E32A37120", "versionEndIncluding": "6.2.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEA6D104-64DA-47CE-A0CB-589C93A0B3DC", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A204032-17C7-4617-AB29-589903A2B9C3", "versionEndIncluding": "6.2.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en IBM Maximo Asset Management 6.2 hasta 6.2.8, 6.x y 7.1 hasta 7.1.1.2 y 7.5 hasta 7.5.0.6; Maximo Asset Management 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk; y Maximo Asset Management 6.2 hasta 6.2.8, 7.1 hasta 7.1.1.2 y 7.2 para Tivoli Asset Management for IT y ciertos otros productos permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de entradas no especificadas en un fichero .jsp bajo webclient/utility/." 
} ], "id": "CVE-2014-3025", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-07-30T11:15:33.380", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/59570" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/59640" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59570" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": 
"Primary" } ] }
Vulnerability from fkie_nvd (CVE-2012-3322)
Published
2013-02-20 12:09
Modified
2025-04-11 00:51
Severity: LOW (CVSS v2 base score 3.5, vector AV:N/AC:M/Au:S/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.:*:*:*:*:*:*:*", "matchCriteriaId": "13CD271A-72E0-4730-A936-87B5122D9E3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2446CA6E-D316-4239-8FDC-436643EB35EA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { 
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name." }, { "lang": "es", "value": "Vulnerabilidad XSS en IBM Maximo Asset Management v6.2 a la v7.5, Maximo Asset Management Essentials v6.2 a la v7.5, Tivoli Asset Management para IT v6.2 a la v7.2, Tivoli Service Request Manager v7.1 y v7.2, Maximo Service Desk v6.2, Change y Configuration Management Database (CCMDB) v7.1 y v7.2, y SmartCloud Control Desk v7.5, permite a usuarios autenticados remotamente, inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores relacionados con el \"display name\"." 
} ], "id": "CVE-2012-3322", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-02-20T12:09:21.943", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77918" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77918" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd: CVE-2011-4816
Published
2012-03-13 03:12
Modified
2025-04-11 00:51
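Severity: MEDIUM (CVSS v2.0 base score 6.5, vector AV:N/AC:L/Au:S/C:P/I:P/A:P; NVD primary metric from the record's JSON)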
Summary
SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "5878EF6C-4C54-4BFB-A58A-DBBB96664E8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"68FF0043-7A28-4ECB-9888-6FB057A766B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "33DD3C44-B7B9-4FFF-8445-7C2C084F7DCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D4D3BE7-A7F0-431D-BB07-28DC94E8590F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "1A53DB8A-5966-4D70-A254-C098DB12B0B3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en el componente KPI de IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5; IBM Tivoli Asset Management para IT 6.2, 7.1, y 7.2; IBM Tivoli Service Request Manager 7.1 y 7.2; IBM Maximo Service Desk 6.2; y IBM Tivoli Change y Configuration Management Database (CCMDB) 6.2, 7.1, y 7.2 permite a usuarios autenticados remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores sin especificar." 
} ], "id": "CVE-2011-4816", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-03-13T03:12:26.040", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/48299" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/48305" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72001" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48305" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72001" } ], 
"sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd: CVE-2013-5465
Published
2014-05-26 16:55
Modified
2025-04-12 10:46
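Severity: MEDIUM (CVSS v2.0 base score 6.5, vector AV:N/AC:L/Au:S/C:P/I:P/A:P; NVD primary metric from the record's JSON)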
Summary
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "9C548662-04F7-49DD-B4B4-8C6DDA5DF7AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "2E15FC98-D8AB-4D9C-9842-85138A2FECF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "250FC595-3DB0-4860-9FF1-AC0215A9D3C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "805706EB-A82E-465D-BB3F-33AD6415FB89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "186498FC-A8BD-4EA3-96C7-1A21983BB2BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "396F80FF-BD2E-46A4-8A44-21CC35F42E12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "69534F90-265A-4313-951D-D0A52AEF9C1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "67A0292F-FDFE-42A6-92FC-F26596C4D23C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "E8D102E6-18FF-4BC7-83BC-77946101864C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": false }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287", "vulnerable": false }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1227364D-5BF3-4F7D-A4BA-22DE823A5C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "8506BB5F-F390-4981-A5D5-FAEF9F410172", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "63EA5235-E946-487D-A875-537B87B2638E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "0CC0184C-0593-4C37-AC63-5B09FD21B3B1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type." 
}, { "lang": "es", "value": "IBM Maximo Asset Management 7.x anterior a 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 anterior a IFIX.20140323-0749, 7.1.1.12 anterior a IFIX.20140321-1336, 7.5.x anterior a 7.5.0.3 IFIX027 y 7.5.0.4 anterior a IFIX011; SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 y Tivoli IT Asset Management For IT, Tivoli Service Request Manager, Maximo Service Desk y Change And Configuration Management Database (CCMDB) 7.x anterior a 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 anterior a IFIX.20140207-1801 y 7.1.1.12 anterior a IFIX.20140218-1510 no restringen debidamente tipos de archivo durante subidas, lo que permite a usuarios remotos autenticados tener un impacto no especificado a trav\u00e9s de un tipo inv\u00e1lido." } ], "id": "CVE-2013-5465", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-26T16:55:02.927", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88364" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88364" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd: CVE-2013-6741
Published
2014-05-26 16:55
Modified
2025-04-12 10:46
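Severity: LOW (CVSS v2.0 base score 3.5, vector AV:N/AC:M/Au:S/C:P/I:N/A:N; NVD primary metric from the record's JSON)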
Summary
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "9C548662-04F7-49DD-B4B4-8C6DDA5DF7AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "805706EB-A82E-465D-BB3F-33AD6415FB89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"69534F90-265A-4313-951D-D0A52AEF9C1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": false }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287", "vulnerable": false }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1227364D-5BF3-4F7D-A4BA-22DE823A5C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "8506BB5F-F390-4981-A5D5-FAEF9F410172", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error." 
}, { "lang": "es", "value": "IBM Maximo Asset Management 7.x anterior a 7.1.1.7 LAFIX.20140319-0837 y 7.5.x anterior a 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 y Tivoli IT Asset Management For IT, Tivoli Service Request Manager, Maximo Service Desk y Change And Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 permite a usuarios remotos autenticados obtener informaci\u00f3n de traza de pila potencialmente sensible mediante la provocaci\u00f3n de un error Birt." } ], "id": "CVE-2013-6741", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-26T16:55:03.003", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89857" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89857" } ], 
"sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd: CVE-2011-4817
Published
2012-03-13 03:12
Modified
2025-04-11 00:51
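Severity: MEDIUM (CVSS v2.0 base score 4.0, vector AV:N/AC:L/Au:S/C:P/I:N/A:N; NVD primary metric from the record's JSON)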
Summary
The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "5878EF6C-4C54-4BFB-A58A-DBBB96664E8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"68FF0043-7A28-4ECB-9888-6FB057A766B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "33DD3C44-B7B9-4FFF-8445-7C2C084F7DCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D4D3BE7-A7F0-431D-BB07-28DC94E8590F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "1A53DB8A-5966-4D70-A254-C098DB12B0B3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account." 
}, { "lang": "es", "value": "La opci\u00f3n \"About\" del men\u00fa de ayuda de IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1 y 7.5; IBM Tivoli Asset Management para IT 6.2, 7.1, y 7.2; IBM Tivoli Service Request Manager 7.1 y 7.2; IBM Maximo Service Desk 6.2; y IBM Tivoli Change y Configuration Management Database (CCMDB) 6.2, 7.1, y 7.2 muestra el nombre de usuario, lo que permite a atacantes remotos autenticados tener un impacto sin especificar a trav\u00e9s de un ataque dirigido a la cuenta de usuario correspondiente." } ], "id": "CVE-2011-4817", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-03-13T03:12:26.087", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/48299" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/48305" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/48305" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72004" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-13 03:12
Modified
2025-04-11 00:51
Summary
Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "5878EF6C-4C54-4BFB-A58A-DBBB96664E8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"68FF0043-7A28-4ECB-9888-6FB057A766B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "33DD3C44-B7B9-4FFF-8445-7C2C084F7DCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D4D3BE7-A7F0-431D-BB07-28DC94E8590F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "1A53DB8A-5966-4D70-A254-C098DB12B0B3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users." }, { "lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en la p\u00e1gina \"Labor Reporting\" de IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, y 7.2; IBM Tivoli Service Request Manager 7.1 y 7.2; IBM Maximo Service Desk 6.2; y IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, y 7.2 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios." 
} ], "id": "CVE-2011-1397", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-03-13T03:12:25.993", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/48299" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/48305" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72000" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48305" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72000" } ], "sourceIdentifier": 
"cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 6.0 | |
ibm | change_and_configuration_management_database | 7.0 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_service_desk | 6.2 | |
ibm | smartcloud_control_desk | 7.0 | |
ibm | tivoli_asset_management_for_it | 6.0 | |
ibm | tivoli_asset_management_for_it | 6.2 | |
ibm | tivoli_asset_management_for_it | 7.0 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.5, as 
used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Maximo Asset Management 7.5, tal como se utiliza en SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk y Change and Configuration Management Database (CCMDB), permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2012-0727", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-10T17:55:01.070", "references": [ { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17963" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source":
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17963" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74306" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-20 12:09
Modified
2025-04-11 00:51
Summary
IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.:*:*:*:*:*:*:*", "matchCriteriaId": "13CD271A-72E0-4730-A936-87B5122D9E3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2446CA6E-D316-4239-8FDC-436643EB35EA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { 
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order." }, { "lang": "es", "value": "IBM Maximo Asset Management 6.2 a 7.5, Maximo Asset Management Essentials 6.2 a 7.5, Tivoli Asset Management for IT 6.2 a 7.2, Tivoli Service Request Manager 7.1 y 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 y 7.2, y SmartCloud Control Desk 7.5, permiten a usuarios remotos autenticados obtener privilegios a trav\u00e9s de vectores relacionados con una orden de trabajo."
} ], "id": "CVE-2012-6355", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-02-20T12:09:22.473", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80747" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80747" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Summary
IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ibm | change_and_configuration_management_database | 6.0 | |
ibm | change_and_configuration_management_database | 7.0 | |
ibm | maximo_asset_management | 6.2.0.0 | |
ibm | maximo_asset_management | 7.1.0.0 | |
ibm | maximo_asset_management | 7.5.0.0 | |
ibm | maximo_service_desk | 6.2 | |
ibm | smartcloud_control_desk | 7.0 | |
ibm | tivoli_asset_management_for_it | 6.0 | |
ibm | tivoli_asset_management_for_it | 6.2 | |
ibm | tivoli_asset_management_for_it | 7.0 | |
ibm | tivoli_asset_management_for_it | 7.1 | |
ibm | tivoli_asset_management_for_it | 7.2 | |
ibm | tivoli_service_request_manager | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "789E00F7-D6CD-4F8C-B785-CB17DB11AEDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0265899D-68B5-4C15-997E-28F485D8B9D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors." }, { "lang": "es", "value": "IBM Maximo Asset Management 6.2 a 7.5, tal como se utiliza en SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk y Change and Configuration Management Database (CCMDB), permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2012-2185", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-10T17:55:01.460", "references": [ { "source": "psirt@us.ibm.com", "url": "http://osvdb.org/85183" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17942" }, { "source":
"psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75784" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/85183" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17942" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75784" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-07-30 11:15
Modified
2025-04-12 10:46
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:*:*:*:*:*:*:*:*", "matchCriteriaId": "71F456DA-8995-43E2-91A0-B20B070F26A0", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:*:*:*:*:*:*:*:*", "matchCriteriaId": "106F6572-D362-4040-A878-67B2ACCEA161", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:*:*:*:*:*:*:*:*", "matchCriteriaId": "084AF336-B44B-4B4C-86AB-82197C9410D1", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF5E8225-885D-4FB8-9706-97D559DDF4CF", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:*:*:*:*:*:*:*:*", "matchCriteriaId": "271DF14A-0466-4ACF-B4CE-A5AAC7E0F9A5", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F350C06-CF48-43FE-BDB3-1F1E31332E25", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A202F4B-6814-4F85-837C-1655D316ADC0", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:*:*:*:*:*:*:*:*", "matchCriteriaId": "882C1071-A3C3-4CD6-905B-9D8E32A37120", "versionEndIncluding": "6.2.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEA6D104-64DA-47CE-A0CB-589C93A0B3DC", "versionEndIncluding": "7.5.0.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A204032-17C7-4617-AB29-589903A2B9C3", "versionEndIncluding": "6.2.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en IBM Maximo Asset Management 6.2 hasta 6.2.8, 6.x y 7.1 hasta 7.1.1.2 y 7.5 hasta 7.5.0.6; Maximo Asset Management 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk; y Maximo Asset Management 6.2 hasta 6.2.8, 7.1 hasta 7.1.1.2 y 7.2 para Tivoli Asset Management for IT y ciertos otros productos permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de (1) el campo KPI display name o (2) un campo portlet." 
} ], "id": "CVE-2014-0915", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-07-30T11:15:33.253", "references": [ { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/59570" }, { "source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/59640" }, { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680" }, { "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894" }, { "source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59570" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/91884" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-18 17:15
Modified
2024-11-21 01:53
Summary
A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/62685 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240 | VDB Entry, Vendor Advisory | |
cve@mitre.org | https://www.ibm.com/support/pages/node/235239 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/62685 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240 | VDB Entry, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/235239 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "095A16F3-FA2C-4D0D-BA04-597FB2FF03FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "235F85B1-345A-4CE2-9DBE-A03D49D14583", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_for_life_sciences:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "450D430F-6E81-4DD5-9D64-3676B2D3C16C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "C3749FF3-86DE-40CA-8A04-0987C47EA1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "2EC5EC94-7A48-487E-BCCC-8B434E8735E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "7E78E1CA-83D8-4497-AF4E-A017B778107A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "2906AF03-C662-4EBF-A3A3-E79DE4831F08", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "3054179C-29D4-4098-816C-85A2CAE4103F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "B97B731D-8002-43D8-BF43-B32B852D0BEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "5DC611AA-993B-4C91-9EF8-ACA3D3E11F2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "6476767B-52DD-4A29-A379-96BFE964CA4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "FDCDD396-CFB4-4AC9-A025-4E132FC333E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "01048E18-A71F-4AC7-971E-6CE772ACE81A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de escalada de privilegios en IBM Maximo Asset Management versiones 7.5, 7.1 y 6.2, cuando WebSeal con Autenticaci\u00f3n B\u00e1sica es usado, debido a un fallo al invalidar la sesi\u00f3n de autenticaci\u00f3n, lo que podr\u00eda permitir a un usuario malicioso obtener acceso no autorizado." 
} ], "id": "CVE-2013-3323", "lastModified": "2024-11-21T01:53:23.740", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-18T17:15:12.597", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/62685" }, { "source": "cve@mitre.org", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/235239" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/62685" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "VDB Entry", "Vendor Advisory" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.ibm.com/support/pages/node/235239" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-20 12:09
Modified
2025-04-11 00:51
Summary
Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2446CA6E-D316-4239-8FDC-436643EB35EA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { 
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad XSS en Tivoli Process Automation Engine (TPAE) en IBM Maximo Asset Management v6.2 a la v7.5, Maximo Asset Management Essentials v6.2 a la v7.5, Tivoli Asset Management para IT v6.2 a la v7.2, Tivoli Service Request Manager v7.1 a la v7.2, Maximo Service Desk v6.2, Change y Configuration Management Database (CCMDB) v7.1 y v7.2, y SmartCloud Control Desk v7.5, permite a usuarios autenticados remotamente inyectar secuencias de comandos web y HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2012-3316", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-02-20T12:09:21.803", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77813" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77813" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-26 16:55
Modified
2025-04-12 10:46
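Severity: MEDIUM (CVSS v2.0 base score 6.5, vector AV:N/AC:L/Au:S/C:P/I:P/A:P; NVD primary metric from the record below)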
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "9C548662-04F7-49DD-B4B4-8C6DDA5DF7AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "2E15FC98-D8AB-4D9C-9842-85138A2FECF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "250FC595-3DB0-4860-9FF1-AC0215A9D3C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "805706EB-A82E-465D-BB3F-33AD6415FB89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "186498FC-A8BD-4EA3-96C7-1A21983BB2BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "396F80FF-BD2E-46A4-8A44-21CC35F42E12", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "69534F90-265A-4313-951D-D0A52AEF9C1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "67A0292F-FDFE-42A6-92FC-F26596C4D23C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "E8D102E6-18FF-4BC7-83BC-77946101864C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"9A8D103F-9065-46A6-B914-7C6754422858", "vulnerable": false }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287", "vulnerable": false }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1227364D-5BF3-4F7D-A4BA-22DE823A5C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "8506BB5F-F390-4981-A5D5-FAEF9F410172", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "63EA5235-E946-487D-A875-537B87B2638E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "0CC0184C-0593-4C37-AC63-5B09FD21B3B1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"7078628B-134D-48C6-A461-23CCC41A848E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text." 
}, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Maximo Asset Management 7.x anterior a 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 anterior a IFIX.20140323-0749, 7.1.1.12 anterior a IFIX.20140321-1336, 7.5.x anterior a 7.5.0.3 IFIX027, 7.5.0.4 anterior a IFIX011 y 7.5.0.5 anterior a IFIX006; SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 y Tivoli IT Asset Management For IT, Tivoli Service Request Manager, Maximo Service Desk y Change And Configuration Management Database (CCMDB) 7.x anterior a 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 anterior a IFIX.20140207-1801 y 7.1.1.12 anterior a IFIX.20140218-1510 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de un informe Birt con una clausula WHERE en texto plano." } ], "id": "CVE-2013-4016", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-26T16:55:02.737", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-20 12:09
Modified
2025-04-11 00:51
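Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N; NVD primary metric from the record below)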
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"62B69712-B405-43F4-B6E9-BC1C232A36E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.:*:*:*:*:*:*:*", "matchCriteriaId": "13CD271A-72E0-4730-A936-87B5122D9E3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2446CA6E-D316-4239-8FDC-436643EB35EA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { 
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management v6.2 hasta v7.5, Maximo Asset Management Essentials v6.2 hasta v7.5, Tivoli Asset Management for IT v6.2 hasta v7.2, Tivoli Service Request Manager v7.1 y v7.2, Maximo Service Desk v6.2, Change and Configuration Management Database (CCMDB) v7.1 y v7.2, y SmartCloud Control Desk v7.5 que permite ataques remotos que inyectan comandos web o HTML a trav\u00e9s de vectores relacionados con una acci\u00f3n de registro." 
} ], "id": "CVE-2012-3327", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-02-20T12:09:21.990", "references": [ { "source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698" }, { "source": "psirt@us.ibm.com", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78039" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78039" } ], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-03-13 03:12
Modified
2025-04-11 00:51
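Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P; NVD primary metric from the record below)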
Summary
IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "5878EF6C-4C54-4BFB-A58A-DBBB96664E8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"68FF0043-7A28-4ECB-9888-6FB057A766B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "33DD3C44-B7B9-4FFF-8445-7C2C084F7DCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D4D3BE7-A7F0-431D-BB07-28DC94E8590F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "1A53DB8A-5966-4D70-A254-C098DB12B0B3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session." }, { "lang": "es", "value": "IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5; IBM Tivoli Asset Management de IT 6.2, 7.1, y 7.2; IBM Tivoli Service Request Manager 7.1 y 7.2; IBM Maximo Service Desk 6.2; y IBM Tivoli Change y Configuration Management Database (CCMDB) 6.2, 7.1, y 7.2 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de la memoria) estableciendo numerosas sesiones UI dentro de una sesi\u00f3n HTTP." 
} ], "id": "CVE-2011-1394", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-03-13T03:12:25.853", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/48299" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/48305" }, { "source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48305" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71985" } ], "sourceIdentifier": "cve@mitre.org", 
"vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }