Vulnerabilites related to ibm - smartcloud_control_desk
CVE-2014-0915 (GCVE-0-2014-0915)
Vulnerability from cvelistv5
Published
2014-07-30 10:00
Modified
2024-08-06 09:27
Severity ?
CWE
  • n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field.
References
http://www-01.ibm.com/support/docview.wss?uid=swg21678894 x_refsource_CONFIRM
http://secunia.com/advisories/59640 third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680 vendor-advisory, x_refsource_AIXAPAR
http://www.securityfocus.com/archive/1/533110/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/59570 third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/91884 vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:20.309Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
          },
          {
            "name": "59640",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59640"
          },
          {
            "name": "IV56680",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
          },
          {
            "name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
          },
          {
            "name": "59570",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59570"
          },
          {
            "name": "ibm-maximo-cve20140915-xss(91884)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-07-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
        },
        {
          "name": "59640",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59640"
        },
        {
          "name": "IV56680",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
        },
        {
          "name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
        },
        {
          "name": "59570",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59570"
        },
        {
          "name": "ibm-maximo-cve20140915-xss(91884)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-0915",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
            },
            {
              "name": "59640",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59640"
            },
            {
              "name": "IV56680",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
            },
            {
              "name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
            },
            {
              "name": "59570",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59570"
            },
            {
              "name": "ibm-maximo-cve20140915-xss(91884)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-0915",
    "datePublished": "2014-07-30T10:00:00",
    "dateReserved": "2014-01-06T00:00:00",
    "dateUpdated": "2024-08-06T09:27:20.309Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-5402 (GCVE-0-2013-5402)
Vulnerability from cvelistv5
Published
2013-12-18 11:00
Modified
2024-08-06 17:06
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:06:52.375Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "64333",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/64333"
          },
          {
            "name": "ibm-maximo-cve20135402-xss(87298)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87298"
          },
          {
            "name": "IV49268",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660032"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "64333",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/64333"
        },
        {
          "name": "ibm-maximo-cve20135402-xss(87298)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87298"
        },
        {
          "name": "IV49268",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660032"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2013-5402",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "64333",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/64333"
            },
            {
              "name": "ibm-maximo-cve20135402-xss(87298)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87298"
            },
            {
              "name": "IV49268",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660032",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660032"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2013-5402",
    "datePublished": "2013-12-18T11:00:00",
    "dateReserved": "2013-08-22T00:00:00",
    "dateUpdated": "2024-08-06T17:06:52.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0728 (GCVE-0-2012-0728)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 18:38
Severity ?
CWE
  • n/a
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:13.881Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-maximo-sql-injection-iv17964(74307)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74307"
          },
          {
            "name": "IV17964",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17964"
          },
          {
            "name": "50551",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50551"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-09-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-maximo-sql-injection-iv17964(74307)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74307"
        },
        {
          "name": "IV17964",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17964"
        },
        {
          "name": "50551",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50551"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0728",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-maximo-sql-injection-iv17964(74307)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74307"
            },
            {
              "name": "IV17964",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17964"
            },
            {
              "name": "50551",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50551"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0728",
    "datePublished": "2012-09-10T17:00:00",
    "dateReserved": "2012-01-17T00:00:00",
    "dateUpdated": "2024-08-06T18:38:13.881Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-0222 (GCVE-0-2016-0222)
Vulnerability from cvelistv5
Published
2016-03-14 01:00
Modified
2024-08-05 22:08
Severity ?
CWE
  • n/a
Summary
IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:08:13.354Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976949"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-03-14T01:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976949"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-0222",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21976949",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976949"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-0222",
    "datePublished": "2016-03-14T01:00:00",
    "dateReserved": "2015-12-08T00:00:00",
    "dateUpdated": "2024-08-05T22:08:13.354Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-3313 (GCVE-0-2012-3313)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 19:57
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:57:50.514Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "IV15530",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV15530"
          },
          {
            "name": "50551",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50551"
          },
          {
            "name": "ibm-maximo-xss-iv15530(77787)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77787"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-09-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "IV15530",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV15530"
        },
        {
          "name": "50551",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50551"
        },
        {
          "name": "ibm-maximo-xss-iv15530(77787)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77787"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-3313",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IV15530",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV15530"
            },
            {
              "name": "50551",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50551"
            },
            {
              "name": "ibm-maximo-xss-iv15530(77787)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77787"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-3313",
    "datePublished": "2012-09-10T17:00:00",
    "dateReserved": "2012-06-07T00:00:00",
    "dateUpdated": "2024-08-06T19:57:50.514Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-3025 (GCVE-0-2014-3025)
Vulnerability from cvelistv5
Published
2014-07-30 10:00
Modified
2024-08-06 10:28
Severity ?
CWE
  • n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/.
References
http://www-01.ibm.com/support/docview.wss?uid=swg21678754 x_refsource_CONFIRM
http://secunia.com/advisories/59640 third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/93064 vdb-entry, x_refsource_XF
http://secunia.com/advisories/59570 third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241 vendor-advisory, x_refsource_AIXAPAR
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:28:46.365Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
          },
          {
            "name": "59640",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59640"
          },
          {
            "name": "ibm-maximo-cve20143025-xss(93064)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
          },
          {
            "name": "59570",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59570"
          },
          {
            "name": "IV57241",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-07-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
        },
        {
          "name": "59640",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59640"
        },
        {
          "name": "ibm-maximo-cve20143025-xss(93064)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
        },
        {
          "name": "59570",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59570"
        },
        {
          "name": "IV57241",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-3025",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
            },
            {
              "name": "59640",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59640"
            },
            {
              "name": "ibm-maximo-cve20143025-xss(93064)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
            },
            {
              "name": "59570",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59570"
            },
            {
              "name": "IV57241",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-3025",
    "datePublished": "2014-07-30T10:00:00",
    "dateReserved": "2014-04-29T00:00:00",
    "dateUpdated": "2024-08-06T10:28:46.365Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-5465 (GCVE-0-2013-5465)
Vulnerability from cvelistv5
Published
2014-05-26 16:00
Modified
2024-08-06 17:15
Severity ?
CWE
  • n/a
Summary
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.356Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "IV46511",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
          },
          {
            "name": "ibm-maximo-cve20135465-file-types(88364)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88364"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "IV46511",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
        },
        {
          "name": "ibm-maximo-cve20135465-file-types(88364)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88364"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2013-5465",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IV46511",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
            },
            {
              "name": "ibm-maximo-cve20135465-file-types(88364)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88364"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2013-5465",
    "datePublished": "2014-05-26T16:00:00",
    "dateReserved": "2013-08-22T00:00:00",
    "dateUpdated": "2024-08-06T17:15:20.356Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-5051 (GCVE-0-2015-5051)
Vulnerability from cvelistv5
Published
2016-01-03 02:00
Modified
2024-08-06 06:32
Severity ?
CWE
  • n/a
Summary
IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:32:32.557Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970797"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-01-03T04:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970797"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-5051",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21970797",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970797"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-5051",
    "datePublished": "2016-01-03T02:00:00",
    "dateReserved": "2015-06-24T00:00:00",
    "dateUpdated": "2024-08-06T06:32:32.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-5460 (GCVE-0-2013-5460)
Vulnerability from cvelistv5
Published
2014-05-26 16:00
Modified
2024-08-06 17:15
Severity ?
CWE
  • n/a
Summary
IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and read communication logs associated with unrelated records, via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.322Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-maximo-cve20135460-info-disc(88308)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88308"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
          },
          {
            "name": "IV46745",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46745"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and read communication logs associated with unrelated records, via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-maximo-cve20135460-info-disc(88308)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88308"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
        },
        {
          "name": "IV46745",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46745"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2013-5460",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and read communication logs associated with unrelated records, via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-maximo-cve20135460-info-disc(88308)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88308"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
            },
            {
              "name": "IV46745",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46745"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2013-5460",
    "datePublished": "2014-05-26T16:00:00",
    "dateReserved": "2013-08-22T00:00:00",
    "dateUpdated": "2024-08-06T17:15:20.322Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-3327 (GCVE-0-2012-3327)
Vulnerability from cvelistv5
Published
2013-02-20 11:00
Modified
2024-08-06 20:05
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:05:10.857Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
          },
          {
            "name": "mam-login-xss(78039)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78039"
          },
          {
            "name": "IV22698",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
        },
        {
          "name": "mam-login-xss(78039)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78039"
        },
        {
          "name": "IV22698",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-3327",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
            },
            {
              "name": "mam-login-xss(78039)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78039"
            },
            {
              "name": "IV22698",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-3327",
    "datePublished": "2013-02-20T11:00:00",
    "dateReserved": "2012-06-07T00:00:00",
    "dateUpdated": "2024-08-06T20:05:10.857Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-0893 (GCVE-0-2014-0893)
Vulnerability from cvelistv5
Published
2014-05-26 16:00
Modified
2024-08-06 09:27
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:20.285Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
          },
          {
            "name": "ibm-maximo-cve20140893-xss(91287)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91287"
          },
          {
            "name": "IV55019",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV55019"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified parameters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
        },
        {
          "name": "ibm-maximo-cve20140893-xss(91287)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91287"
        },
        {
          "name": "IV55019",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV55019"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-0893",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
            },
            {
              "name": "ibm-maximo-cve20140893-xss(91287)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91287"
            },
            {
              "name": "IV55019",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV55019"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-0893",
    "datePublished": "2014-05-26T16:00:00",
    "dateReserved": "2014-01-06T00:00:00",
    "dateUpdated": "2024-08-06T09:27:20.285Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7451 (GCVE-0-2015-7451)
Vulnerability from cvelistv5
Published
2016-01-02 02:00
Modified
2024-08-06 07:51
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:51:27.617Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-01-02T04:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-7451",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-7451",
    "datePublished": "2016-01-02T02:00:00",
    "dateReserved": "2015-09-29T00:00:00",
    "dateUpdated": "2024-08-06T07:51:27.617Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4965 (GCVE-0-2015-4965)
Vulnerability from cvelistv5
Published
2015-10-05 10:00
Modified
2024-08-06 06:32
Severity ?
CWE
  • n/a
Summary
maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:32:31.854Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966194"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-10-05T02:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966194"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-4965",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21966194",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966194"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-4965",
    "datePublished": "2015-10-05T10:00:00",
    "dateReserved": "2015-06-24T00:00:00",
    "dateUpdated": "2024-08-06T06:32:31.854Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-6356 (GCVE-0-2012-6356)
Vulnerability from cvelistv5
Published
2013-02-20 11:00
Modified
2024-08-06 21:28
Severity ?
CWE
  • n/a
Summary
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:28:39.917Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
          },
          {
            "name": "IV27329",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV27329"
          },
          {
            "name": "mam-import-fct-priv-esc(80748)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80748"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
        },
        {
          "name": "IV27329",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV27329"
        },
        {
          "name": "mam-import-fct-priv-esc(80748)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80748"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-6356",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
            },
            {
              "name": "IV27329",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV27329"
            },
            {
              "name": "mam-import-fct-priv-esc(80748)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80748"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-6356",
    "datePublished": "2013-02-20T11:00:00",
    "dateReserved": "2012-12-16T00:00:00",
    "dateUpdated": "2024-08-06T21:28:39.917Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-3322 (GCVE-0-2012-3322)
Vulnerability from cvelistv5
Published
2013-02-20 11:00
Modified
2024-08-06 20:05
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:05:10.813Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "IV23838",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
          },
          {
            "name": "mam-displayname-xss(77918)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77918"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "IV23838",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
        },
        {
          "name": "mam-displayname-xss(77918)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77918"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-3322",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IV23838",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
            },
            {
              "name": "mam-displayname-xss(77918)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77918"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-3322",
    "datePublished": "2013-02-20T11:00:00",
    "dateReserved": "2012-06-07T00:00:00",
    "dateUpdated": "2024-08-06T20:05:10.813Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-1934 (GCVE-0-2015-1934)
Vulnerability from cvelistv5
Published
2015-10-04 01:00
Modified
2024-08-06 05:02
Severity ?
CWE
  • n/a
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:02:41.809Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-10-04T02:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-1934",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-1934",
    "datePublished": "2015-10-04T01:00:00",
    "dateReserved": "2015-02-19T00:00:00",
    "dateUpdated": "2024-08-06T05:02:41.809Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-6741 (GCVE-0-2013-6741)
Vulnerability from cvelistv5
Published
2014-05-26 16:00
Modified
2024-08-06 17:46
Severity ?
CWE
  • n/a
Summary
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:46:22.940Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
          },
          {
            "name": "ibm-maximo-cve20136741-info-disc(89857)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89857"
          },
          {
            "name": "IV50316",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
        },
        {
          "name": "ibm-maximo-cve20136741-info-disc(89857)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89857"
        },
        {
          "name": "IV50316",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2013-6741",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
            },
            {
              "name": "ibm-maximo-cve20136741-info-disc(89857)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89857"
            },
            {
              "name": "IV50316",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2013-6741",
    "datePublished": "2014-05-26T16:00:00",
    "dateReserved": "2013-11-08T00:00:00",
    "dateUpdated": "2024-08-06T17:46:22.940Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-3326 (GCVE-0-2012-3326)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 20:05
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:05:10.852Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "50551",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50551"
          },
          {
            "name": "ibm-maximo-xss-iv20344(77960)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77960"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
          },
          {
            "name": "IV20344",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20344"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-09-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "50551",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50551"
        },
        {
          "name": "ibm-maximo-xss-iv20344(77960)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77960"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
        },
        {
          "name": "IV20344",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20344"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-3326",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "50551",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50551"
            },
            {
              "name": "ibm-maximo-xss-iv20344(77960)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77960"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
            },
            {
              "name": "IV20344",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20344"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-3326",
    "datePublished": "2012-09-10T17:00:00",
    "dateReserved": "2012-06-07T00:00:00",
    "dateUpdated": "2024-08-06T20:05:10.852Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-0825 (GCVE-0-2014-0825)
Vulnerability from cvelistv5
Published
2014-05-26 16:00
Modified
2024-08-06 09:27
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:20.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
          },
          {
            "name": "ibm-maximo-cve20140825-xss(90501)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90501"
          },
          {
            "name": "IV53362",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
        },
        {
          "name": "ibm-maximo-cve20140825-xss(90501)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90501"
        },
        {
          "name": "IV53362",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-0825",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
            },
            {
              "name": "ibm-maximo-cve20140825-xss(90501)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90501"
            },
            {
              "name": "IV53362",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-0825",
    "datePublished": "2014-05-26T16:00:00",
    "dateReserved": "2014-01-06T00:00:00",
    "dateUpdated": "2024-08-06T09:27:20.067Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7448 (GCVE-0-2015-7448)
Vulnerability from cvelistv5
Published
2016-03-12 15:00
Modified
2024-08-06 07:51
Severity ?
CWE
  • n/a
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:51:27.519Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974938"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-03-12T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974938"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-7448",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21974938",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974938"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-7448",
    "datePublished": "2016-03-12T15:00:00",
    "dateReserved": "2015-09-29T00:00:00",
    "dateUpdated": "2024-08-06T07:51:27.519Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4944 (GCVE-0-2015-4944)
Vulnerability from cvelistv5
Published
2015-10-05 10:00
Modified
2024-08-06 06:32
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:32:31.523Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963973"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-10-05T02:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963973"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-4944",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21963973",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963973"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-4944",
    "datePublished": "2015-10-05T10:00:00",
    "dateReserved": "2015-06-24T00:00:00",
    "dateUpdated": "2024-08-06T06:32:31.523Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4966 (GCVE-0-2015-4966)
Vulnerability from cvelistv5
Published
2015-11-08 22:00
Modified
2024-08-06 06:32
Severity ?
CWE
  • n/a
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:32:31.676Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968191"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-11-08T21:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968191"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-4966",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21968191",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968191"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-4966",
    "datePublished": "2015-11-08T22:00:00",
    "dateReserved": "2015-06-24T00:00:00",
    "dateUpdated": "2024-08-06T06:32:31.676Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-3024 (GCVE-0-2014-3024)
Vulnerability from cvelistv5
Published
2014-08-29 10:00
Modified
2024-08-06 10:28
Severity ?
CWE
  • n/a
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbitrary users.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:28:46.384Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-maximo-cve20143024-csrf(93063)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93063"
          },
          {
            "name": "1030781",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030781"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679918"
          },
          {
            "name": "IV56643",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56643"
          },
          {
            "name": "60408",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60408"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbitrary users."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-maximo-cve20143024-csrf(93063)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93063"
        },
        {
          "name": "1030781",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030781"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679918"
        },
        {
          "name": "IV56643",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56643"
        },
        {
          "name": "60408",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60408"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-3024",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbitrary users."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-maximo-cve20143024-csrf(93063)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93063"
            },
            {
              "name": "1030781",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030781"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21679918",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679918"
            },
            {
              "name": "IV56643",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56643"
            },
            {
              "name": "60408",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60408"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-3024",
    "datePublished": "2014-08-29T10:00:00",
    "dateReserved": "2014-04-29T00:00:00",
    "dateUpdated": "2024-08-06T10:28:46.384Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1524 (GCVE-0-2018-1524)
Vulnerability from cvelistv5
Published
2018-08-03 15:00
Modified
2024-09-16 18:29
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CWE
  • Gain Access
Summary
IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116.
References
Impacted products
Vendor Product Version
IBM Maximo Asset Management Version: 7.6
Version: 7.6.0
Version: 7.6.0.1
Version: 7.6.1
Version: 7.6.2
Version: 7.6.2.1
Version: 7.6.2.2
Version: 7.6.2.3
Version: 7.6.2.4
Version: 7.6.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:43.394Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-maximo-cve20181524-default-account(142116)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142116"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=swg22017452"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6"
            },
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "status": "affected",
              "version": "7.6.0.1"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.6.2.1"
            },
            {
              "status": "affected",
              "version": "7.6.2.2"
            },
            {
              "status": "affected",
              "version": "7.6.2.3"
            },
            {
              "status": "affected",
              "version": "7.6.2.4"
            },
            {
              "status": "affected",
              "version": "7.6.3"
            }
          ]
        }
      ],
      "datePublic": "2018-07-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.7,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:H/AC:L/AV:N/C:H/I:H/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-06T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-maximo-cve20181524-default-account(142116)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142116"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=swg22017452"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-07-31T00:00:00",
          "ID": "CVE-2018-1524",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6"
                          },
                          {
                            "version_value": "7.6.0"
                          },
                          {
                            "version_value": "7.6.0.1"
                          },
                          {
                            "version_value": "7.6.1"
                          },
                          {
                            "version_value": "7.6.2"
                          },
                          {
                            "version_value": "7.6.2.1"
                          },
                          {
                            "version_value": "7.6.2.2"
                          },
                          {
                            "version_value": "7.6.2.3"
                          },
                          {
                            "version_value": "7.6.2.4"
                          },
                          {
                            "version_value": "7.6.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "L",
              "AV": "N",
              "C": "H",
              "I": "H",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-maximo-cve20181524-default-account(142116)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142116"
            },
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=swg22017452",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=swg22017452"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1524",
    "datePublished": "2018-08-03T15:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T18:29:30.579Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0727 (GCVE-0-2012-0727)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 18:38
Severity ?
CWE
  • n/a
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:13.436Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "IV17963",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17963"
          },
          {
            "name": "50551",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50551"
          },
          {
            "name": "ibm-maximo-sql-injection-iv17963(74306)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74306"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-09-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "IV17963",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17963"
        },
        {
          "name": "50551",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50551"
        },
        {
          "name": "ibm-maximo-sql-injection-iv17963(74306)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74306"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0727",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IV17963",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17963"
            },
            {
              "name": "50551",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50551"
            },
            {
              "name": "ibm-maximo-sql-injection-iv17963(74306)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74306"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0727",
    "datePublished": "2012-09-10T17:00:00",
    "dateReserved": "2012-01-17T00:00:00",
    "dateUpdated": "2024-08-06T18:38:13.436Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-5017 (GCVE-0-2015-5017)
Vulnerability from cvelistv5
Published
2016-01-03 02:00
Modified
2024-08-06 06:32
Severity ?
CWE
  • n/a
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:32:32.680Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-01-03T05:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-5017",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-5017",
    "datePublished": "2016-01-03T02:00:00",
    "dateReserved": "2015-06-24T00:00:00",
    "dateUpdated": "2024-08-06T06:32:32.680Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-2028 (GCVE-0-2018-2028)
Vulnerability from cvelistv5
Published
2019-06-06 00:35
Modified
2024-09-17 02:32
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
CWE
  • Obtain Information
Summary
IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.
References
Impacted products
Vendor Product Version
IBM Maximo Asset Management Version: 7.6
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:14:39.540Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145"
          },
          {
            "name": "ibm-maximo-cve20182028-info-disc (155554)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2019-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.7,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/UI:N/S:U/C:H/AC:L/PR:L/I:N/AV:N/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-06T00:35:18",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145"
        },
        {
          "name": "ibm-maximo-cve20182028-info-disc (155554)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-03T00:00:00",
          "ID": "CVE-2018-2028",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880145",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 880145 (Maximo Asset Management)",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145"
            },
            {
              "name": "ibm-maximo-cve20182028-info-disc (155554)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-2028",
    "datePublished": "2019-06-06T00:35:18.707579Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-17T02:32:33.413Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-4765 (GCVE-0-2014-4765)
Vulnerability from cvelistv5
Published
2014-10-02 00:00
Modified
2024-08-06 11:27
Severity ?
CWE
  • n/a
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:27:36.138Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289"
          },
          {
            "name": "ibm-maximo-cve20144765-error-message(94757)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94757"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289"
        },
        {
          "name": "ibm-maximo-cve20144765-error-message(94757)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94757"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-4765",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289"
            },
            {
              "name": "ibm-maximo-cve20144765-error-message(94757)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94757"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-4765",
    "datePublished": "2014-10-02T00:00:00",
    "dateReserved": "2014-07-09T00:00:00",
    "dateUpdated": "2024-08-06T11:27:36.138Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-6102 (GCVE-0-2014-6102)
Vulnerability from cvelistv5
Published
2015-02-17 01:00
Modified
2024-08-06 12:03
Severity ?
CWE
  • n/a
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:03:02.424Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597"
          },
          {
            "name": "ibm-maximo-cve20146102-sec-bypass(96141)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597"
        },
        {
          "name": "ibm-maximo-cve20146102-sec-bypass(96141)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-6102",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597"
            },
            {
              "name": "ibm-maximo-cve20146102-sec-bypass(96141)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-6102",
    "datePublished": "2015-02-17T01:00:00",
    "dateReserved": "2014-09-02T00:00:00",
    "dateUpdated": "2024-08-06T12:03:02.424Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6072 (GCVE-0-2016-6072)
Vulnerability from cvelistv5
Published
2017-02-01 20:00
Modified
2024-08-06 01:22
Severity ?
CWE
  • Cross-Site Scripting
Summary
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
Impacted products
Vendor Product Version
IBM Corporation Maximo Asset Management Version: 6.2
Version: 7.1
Version: 7.5
Version: 7.5.0.0
Version: 7.5.0.10
Version: 7.1.0.0
Version: 6.2.0.0
Version: 7.2
Version: 7.1.1
Version: 7.1.2
Version: 7.2.1
Version: 6.2.1
Version: 6.2.2
Version: 6.2.3
Version: 6.2.4
Version: 6.2.5
Version: 6.2.6
Version: 6.2.7
Version: 6.2.8
Version: 7.1.1.1
Version: 7.1.1.10
Version: 7.1.1.11
Version: 7.1.1.12
Version: 7.1.1.2
Version: 7.1.1.5
Version: 7.1.1.6
Version: 7.1.1.7
Version: 7.1.1.8
Version: 7.1.1.9
Version: 7.5.0.1
Version: 7.5.0.2
Version: 7.5.0.3
Version: 7.5.0.4
Version: 7.5.0.5
Version: 7.6
Version: 7.5.0
Version: 7.6.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:22:18.986Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "94355",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94355"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21991893"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "6.2"
            },
            {
              "status": "affected",
              "version": "7.1"
            },
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "7.5.0.0"
            },
            {
              "status": "affected",
              "version": "7.5.0.10"
            },
            {
              "status": "affected",
              "version": "7.1.0.0"
            },
            {
              "status": "affected",
              "version": "6.2.0.0"
            },
            {
              "status": "affected",
              "version": "7.2"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "6.2.1"
            },
            {
              "status": "affected",
              "version": "6.2.2"
            },
            {
              "status": "affected",
              "version": "6.2.3"
            },
            {
              "status": "affected",
              "version": "6.2.4"
            },
            {
              "status": "affected",
              "version": "6.2.5"
            },
            {
              "status": "affected",
              "version": "6.2.6"
            },
            {
              "status": "affected",
              "version": "6.2.7"
            },
            {
              "status": "affected",
              "version": "6.2.8"
            },
            {
              "status": "affected",
              "version": "7.1.1.1"
            },
            {
              "status": "affected",
              "version": "7.1.1.10"
            },
            {
              "status": "affected",
              "version": "7.1.1.11"
            },
            {
              "status": "affected",
              "version": "7.1.1.12"
            },
            {
              "status": "affected",
              "version": "7.1.1.2"
            },
            {
              "status": "affected",
              "version": "7.1.1.5"
            },
            {
              "status": "affected",
              "version": "7.1.1.6"
            },
            {
              "status": "affected",
              "version": "7.1.1.7"
            },
            {
              "status": "affected",
              "version": "7.1.1.8"
            },
            {
              "status": "affected",
              "version": "7.1.1.9"
            },
            {
              "status": "affected",
              "version": "7.5.0.1"
            },
            {
              "status": "affected",
              "version": "7.5.0.2"
            },
            {
              "status": "affected",
              "version": "7.5.0.3"
            },
            {
              "status": "affected",
              "version": "7.5.0.4"
            },
            {
              "status": "affected",
              "version": "7.5.0.5"
            },
            {
              "status": "affected",
              "version": "7.6"
            },
            {
              "status": "affected",
              "version": "7.5.0"
            },
            {
              "status": "affected",
              "version": "7.6.0"
            }
          ]
        }
      ],
      "datePublic": "2017-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-02T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "94355",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94355"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21991893"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-6072",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.2"
                          },
                          {
                            "version_value": "7.1"
                          },
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "7.5.0.0"
                          },
                          {
                            "version_value": "7.5.0.10"
                          },
                          {
                            "version_value": "7.1.0.0"
                          },
                          {
                            "version_value": "6.2.0.0"
                          },
                          {
                            "version_value": "7.2"
                          },
                          {
                            "version_value": "7.1.1"
                          },
                          {
                            "version_value": "7.1.2"
                          },
                          {
                            "version_value": "7.2.1"
                          },
                          {
                            "version_value": "6.2.1"
                          },
                          {
                            "version_value": "6.2.2"
                          },
                          {
                            "version_value": "6.2.3"
                          },
                          {
                            "version_value": "6.2.4"
                          },
                          {
                            "version_value": "6.2.5"
                          },
                          {
                            "version_value": "6.2.6"
                          },
                          {
                            "version_value": "6.2.7"
                          },
                          {
                            "version_value": "6.2.8"
                          },
                          {
                            "version_value": "7.1.1.1"
                          },
                          {
                            "version_value": "7.1.1.10"
                          },
                          {
                            "version_value": "7.1.1.11"
                          },
                          {
                            "version_value": "7.1.1.12"
                          },
                          {
                            "version_value": "7.1.1.2"
                          },
                          {
                            "version_value": "7.1.1.5"
                          },
                          {
                            "version_value": "7.1.1.6"
                          },
                          {
                            "version_value": "7.1.1.7"
                          },
                          {
                            "version_value": "7.1.1.8"
                          },
                          {
                            "version_value": "7.1.1.9"
                          },
                          {
                            "version_value": "7.5.0.1"
                          },
                          {
                            "version_value": "7.5.0.2"
                          },
                          {
                            "version_value": "7.5.0.3"
                          },
                          {
                            "version_value": "7.5.0.4"
                          },
                          {
                            "version_value": "7.5.0.5"
                          },
                          {
                            "version_value": "7.6"
                          },
                          {
                            "version_value": "7.5.0"
                          },
                          {
                            "version_value": "7.6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94355",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94355"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21991893",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21991893"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-6072",
    "datePublished": "2017-02-01T20:00:00",
    "dateReserved": "2016-06-29T00:00:00",
    "dateUpdated": "2024-08-06T01:22:18.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-0849 (GCVE-0-2014-0849)
Vulnerability from cvelistv5
Published
2014-05-26 16:00
Modified
2024-08-06 09:27
Severity ?
CWE
  • n/a
Summary
IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:20.255Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
          },
          {
            "name": "IV53952",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53952"
          },
          {
            "name": "ibm-maximo-cve20140849-sec-bypass(90738)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90738"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
        },
        {
          "name": "IV53952",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53952"
        },
        {
          "name": "ibm-maximo-cve20140849-sec-bypass(90738)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90738"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-0849",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
            },
            {
              "name": "IV53952",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53952"
            },
            {
              "name": "ibm-maximo-cve20140849-sec-bypass(90738)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90738"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-0849",
    "datePublished": "2014-05-26T16:00:00",
    "dateReserved": "2014-01-06T00:00:00",
    "dateUpdated": "2024-08-06T09:27:20.255Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4486 (GCVE-0-2019-4486)
Vulnerability from cvelistv5
Published
2019-10-24 12:00
Modified
2024-09-17 02:27
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.
References
Impacted products
Vendor Product Version
IBM Maximo Asset Management Version: 7.6
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:40:47.470Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/1075023"
          },
          {
            "name": "ibm-maximo-cve20194486-xss (164070)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2019-10-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/UI:R/AC:L/C:L/S:C/PR:L/A:N/AV:N/I:L/RC:C/RL:O/E:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-24T12:00:39",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/1075023"
        },
        {
          "name": "ibm-maximo-cve20194486-xss (164070)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-10-22T00:00:00",
          "ID": "CVE-2019-4486",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/1075023",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 1075023 (Maximo Asset Management)",
              "url": "https://www.ibm.com/support/pages/node/1075023"
            },
            {
              "name": "ibm-maximo-cve20194486-xss (164070)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4486",
    "datePublished": "2019-10-24T12:00:39.114131Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-17T02:27:26.425Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4056 (GCVE-0-2019-4056)
Vulnerability from cvelistv5
Published
2019-06-06 00:35
Modified
2024-09-16 17:34
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
CWE
  • File Manipulation
Summary
IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.
References
Impacted products
Vendor Product Version
IBM Maximo Asset Management Version: 7.6
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:26:27.951Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149"
          },
          {
            "name": "ibm-maximo-cve20194056-file-upload (156565)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156565"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2019-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6 Work Centers\u0027 application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:L/I:L/PR:L/AV:N/A:N/C:N/S:U/UI:N/RC:C/RL:O/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "File Manipulation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-06T00:35:18",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149"
        },
        {
          "name": "ibm-maximo-cve20194056-file-upload (156565)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156565"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-03T00:00:00",
          "ID": "CVE-2019-4056",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6 Work Centers\u0027 application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "N",
              "I": "L",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "File Manipulation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880149",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 880149 (Maximo Asset Management)",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149"
            },
            {
              "name": "ibm-maximo-cve20194056-file-upload (156565)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156565"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4056",
    "datePublished": "2019-06-06T00:35:18.806739Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-16T17:34:20.207Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0746 (GCVE-0-2012-0746)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 18:38
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:14.219Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "IV17961",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17961"
          },
          {
            "name": "50551",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50551"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
          },
          {
            "name": "ibm-maximo-xss-iv17961(74726)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74726"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-09-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "IV17961",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17961"
        },
        {
          "name": "50551",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50551"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
        },
        {
          "name": "ibm-maximo-xss-iv17961(74726)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74726"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0746",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IV17961",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17961"
            },
            {
              "name": "50551",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50551"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
            },
            {
              "name": "ibm-maximo-xss-iv17961(74726)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74726"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0746",
    "datePublished": "2012-09-10T17:00:00",
    "dateReserved": "2012-01-17T00:00:00",
    "dateUpdated": "2024-08-06T18:38:14.219Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-6355 (GCVE-0-2012-6355)
Vulnerability from cvelistv5
Published
2013-02-20 11:00
Modified
2024-08-06 21:28
Severity ?
CWE
  • n/a
Summary
IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:28:39.432Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
          },
          {
            "name": "mam-work-order-priv-esc(80747)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80747"
          },
          {
            "name": "IV30384",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
        },
        {
          "name": "mam-work-order-priv-esc(80747)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80747"
        },
        {
          "name": "IV30384",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-6355",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
            },
            {
              "name": "mam-work-order-priv-esc(80747)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80747"
            },
            {
              "name": "IV30384",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-6355",
    "datePublished": "2013-02-20T11:00:00",
    "dateReserved": "2012-12-16T00:00:00",
    "dateUpdated": "2024-08-06T21:28:39.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-3084 (GCVE-0-2014-3084)
Vulnerability from cvelistv5
Published
2014-08-29 10:00
Modified
2024-08-06 10:35
Severity ?
CWE
  • n/a
Summary
IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2.8, 7.1, and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended write-access restrictions on calendar entries via unspecified vectors.
References
http://www-01.ibm.com/support/docview.wss?uid=swg1IV61274 vendor-advisory, x_refsource_AIXAPAR
http://www.securitytracker.com/id/1030780 vdb-entry, x_refsource_SECTRACK
http://www-01.ibm.com/support/docview.wss?uid=swg21681020 x_refsource_CONFIRM
http://secunia.com/advisories/60453 third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/93955 vdb-entry, x_refsource_XF
http://secunia.com/advisories/60408 third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:35:55.645Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "IV61274",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61274"
          },
          {
            "name": "1030780",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030780"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681020"
          },
          {
            "name": "60453",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60453"
          },
          {
            "name": "ibm-maximo-cve20143084-sec-bypass(93955)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93955"
          },
          {
            "name": "60408",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60408"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2.8, 7.1, and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended write-access restrictions on calendar entries via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "IV61274",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61274"
        },
        {
          "name": "1030780",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030780"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681020"
        },
        {
          "name": "60453",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60453"
        },
        {
          "name": "ibm-maximo-cve20143084-sec-bypass(93955)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93955"
        },
        {
          "name": "60408",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60408"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-3084",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2.8, 7.1, and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended write-access restrictions on calendar entries via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IV61274",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61274"
            },
            {
              "name": "1030780",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030780"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681020",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681020"
            },
            {
              "name": "60453",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60453"
            },
            {
              "name": "ibm-maximo-cve20143084-sec-bypass(93955)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93955"
            },
            {
              "name": "60408",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60408"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-3084",
    "datePublished": "2014-08-29T10:00:00",
    "dateReserved": "2014-04-29T00:00:00",
    "dateUpdated": "2024-08-06T10:35:55.645Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4429 (GCVE-0-2019-4429)
Vulnerability from cvelistv5
Published
2020-02-19 15:15
Modified
2024-09-17 02:36
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886.
References
Impacted products
Vendor Product Version
IBM Maximo Asset Management Version: 7.6.0
Version: 7.6.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:38.284Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/1489053"
          },
          {
            "name": "ibm-maximo-cve20194429-xss (162886)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            }
          ]
        }
      ],
      "datePublic": "2020-02-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/PR:L/AC:L/C:L/S:C/UI:R/AV:N/I:L/RC:C/RL:O/E:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-19T15:15:44",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/1489053"
        },
        {
          "name": "ibm-maximo-cve20194429-xss (162886)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-02-18T00:00:00",
          "ID": "CVE-2019-4429",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6.0"
                          },
                          {
                            "version_value": "7.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/1489053",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 1489053 (Maximo Asset Management)",
              "url": "https://www.ibm.com/support/pages/node/1489053"
            },
            {
              "name": "ibm-maximo-cve20194429-xss (162886)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4429",
    "datePublished": "2020-02-19T15:15:44.172383Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-17T02:36:20.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-6357 (GCVE-0-2012-6357)
Vulnerability from cvelistv5
Published
2013-02-20 11:00
Modified
2024-08-06 21:28
Severity ?
CWE
  • n/a
Summary
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:28:39.783Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "IV23511",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23511"
          },
          {
            "name": "mam-asset-lookup-priv-esc(80749)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80749"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "IV23511",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23511"
        },
        {
          "name": "mam-asset-lookup-priv-esc(80749)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80749"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-6357",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IV23511",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23511"
            },
            {
              "name": "mam-asset-lookup-priv-esc(80749)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80749"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-6357",
    "datePublished": "2013-02-20T11:00:00",
    "dateReserved": "2012-12-16T00:00:00",
    "dateUpdated": "2024-08-06T21:28:39.783Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-2184 (GCVE-0-2012-2184)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 19:26
Severity ?
CWE
  • n/a
Summary
Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:08.625Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-maximo-session-fixation-iv19887(75780)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75780"
          },
          {
            "name": "IV19887",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV19887"
          },
          {
            "name": "50551",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50551"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-09-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-maximo-session-fixation-iv19887(75780)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75780"
        },
        {
          "name": "IV19887",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV19887"
        },
        {
          "name": "50551",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50551"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-2184",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-maximo-session-fixation-iv19887(75780)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75780"
            },
            {
              "name": "IV19887",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV19887"
            },
            {
              "name": "50551",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50551"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-2184",
    "datePublished": "2012-09-10T17:00:00",
    "dateReserved": "2012-04-04T00:00:00",
    "dateUpdated": "2024-08-06T19:26:08.625Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7396 (GCVE-0-2015-7396)
Vulnerability from cvelistv5
Published
2016-01-02 21:00
Modified
2024-08-06 07:51
Severity ?
CWE
  • n/a
Summary
The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:51:27.226Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970799"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-01-02T21:57:02",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970799"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-7396",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21970799",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970799"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-7396",
    "datePublished": "2016-01-02T21:00:00",
    "dateReserved": "2015-09-29T00:00:00",
    "dateUpdated": "2024-08-06T07:51:27.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7452 (GCVE-0-2015-7452)
Vulnerability from cvelistv5
Published
2016-01-02 21:00
Modified
2024-08-06 07:51
Severity ?
CWE
  • n/a
Summary
IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:51:27.521Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972463"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-01-02T21:57:02",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972463"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-7452",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21972463",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972463"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-7452",
    "datePublished": "2016-01-02T21:00:00",
    "dateReserved": "2015-09-29T00:00:00",
    "dateUpdated": "2024-08-06T07:51:27.521Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4016 (GCVE-0-2013-4016)
Vulnerability from cvelistv5
Published
2014-05-26 16:00
Modified
2024-08-06 16:30
Severity ?
CWE
  • n/a
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:30:49.379Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
          },
          {
            "name": "ibm-maximo-cve20134016-sqli(85793)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793"
          },
          {
            "name": "IV41871",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
        },
        {
          "name": "ibm-maximo-cve20134016-sqli(85793)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793"
        },
        {
          "name": "IV41871",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2013-4016",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
            },
            {
              "name": "ibm-maximo-cve20134016-sqli(85793)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793"
            },
            {
              "name": "IV41871",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2013-4016",
    "datePublished": "2014-05-26T16:00:00",
    "dateReserved": "2013-06-07T00:00:00",
    "dateUpdated": "2024-08-06T16:30:49.379Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4967 (GCVE-0-2015-4967)
Vulnerability from cvelistv5
Published
2015-10-05 10:00
Modified
2024-08-06 06:32
Severity ?
CWE
  • n/a
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:32:32.184Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966181"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-10-05T02:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966181"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-4967",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21966181",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966181"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-4967",
    "datePublished": "2015-10-05T10:00:00",
    "dateReserved": "2015-06-24T00:00:00",
    "dateUpdated": "2024-08-06T06:32:32.184Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-3026 (GCVE-0-2014-3026)
Vulnerability from cvelistv5
Published
2014-07-29 20:00
Modified
2024-08-06 10:28
Severity ?
CWE
  • n/a
Summary
CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:28:46.379Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-maximo-cve20143026-header-injection(93065)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93065"
          },
          {
            "name": "59570",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59570"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678798"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-07-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-maximo-cve20143026-header-injection(93065)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93065"
        },
        {
          "name": "59570",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59570"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678798"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-3026",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-maximo-cve20143026-header-injection(93065)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93065"
            },
            {
              "name": "59570",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59570"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678798",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678798"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-3026",
    "datePublished": "2014-07-29T20:00:00",
    "dateReserved": "2014-04-29T00:00:00",
    "dateUpdated": "2024-08-06T10:28:46.379Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-2185 (GCVE-0-2012-2185)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 19:26
Severity ?
CWE
  • n/a
Summary
IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors.
References
http://secunia.com/advisories/50551 third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/75784 vdb-entry, x_refsource_XF
http://www-01.ibm.com/support/docview.wss?uid=swg21610081 x_refsource_CONFIRM
http://osvdb.org/85183 vdb-entry, x_refsource_OSVDB
http://www-01.ibm.com/support/docview.wss?uid=swg1IV17942 vendor-advisory, x_refsource_AIXAPAR
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:08.943Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "50551",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50551"
          },
          {
            "name": "ibm-maximo-info-disclosure(75784)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75784"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
          },
          {
            "name": "85183",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/85183"
          },
          {
            "name": "IV17942",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17942"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-09-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "50551",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50551"
        },
        {
          "name": "ibm-maximo-info-disclosure(75784)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75784"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
        },
        {
          "name": "85183",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/85183"
        },
        {
          "name": "IV17942",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17942"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-2185",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "50551",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50551"
            },
            {
              "name": "ibm-maximo-info-disclosure(75784)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75784"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
            },
            {
              "name": "85183",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/85183"
            },
            {
              "name": "IV17942",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17942"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-2185",
    "datePublished": "2012-09-10T17:00:00",
    "dateReserved": "2012-04-04T00:00:00",
    "dateUpdated": "2024-08-06T19:26:08.943Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4512 (GCVE-0-2019-4512)
Vulnerability from cvelistv5
Published
2019-10-09 15:00
Modified
2024-09-17 02:36
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CWE
  • Obtain Information
Summary
IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.
References
Impacted products
Vendor Product Version
IBM Maximo Asset Management Version: 7.6.1.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:40:47.303Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/1075413"
          },
          {
            "name": "ibm-maximo-cve20194512-info-disc (164554)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.1.1"
            }
          ]
        }
      ],
      "datePublic": "2019-10-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/I:N/C:L/S:U/UI:N/A:N/PR:L/AC:L/RC:C/E:U/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-09T15:00:23",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/1075413"
        },
        {
          "name": "ibm-maximo-cve20194512-info-disc (164554)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-10-08T00:00:00",
          "ID": "CVE-2019-4512",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/1075413",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 1075413 (Maximo Asset Management)",
              "url": "https://www.ibm.com/support/pages/node/1075413"
            },
            {
              "name": "ibm-maximo-cve20194512-info-disc (164554)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4512",
    "datePublished": "2019-10-09T15:00:23.883418Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-17T02:36:34.215Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-0457 (GCVE-0-2013-0457)
Vulnerability from cvelistv5
Published
2013-02-20 11:00
Modified
2024-08-06 14:25
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:25:10.357Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "IV20590",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20590"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
          },
          {
            "name": "mam-uisessionid-xss(81011)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81011"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "IV20590",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20590"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
        },
        {
          "name": "mam-uisessionid-xss(81011)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81011"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2013-0457",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IV20590",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20590"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
            },
            {
              "name": "mam-uisessionid-xss(81011)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81011"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2013-0457",
    "datePublished": "2013-02-20T11:00:00",
    "dateReserved": "2012-12-16T00:00:00",
    "dateUpdated": "2024-08-06T14:25:10.357Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-3316 (GCVE-0-2012-3316)
Vulnerability from cvelistv5
Published
2013-02-20 11:00
Modified
2024-08-06 19:57
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:57:50.512Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "mam-tpae-xss(77813)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77813"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
          },
          {
            "name": "IV24609",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "mam-tpae-xss(77813)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77813"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
        },
        {
          "name": "IV24609",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-3316",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "mam-tpae-xss(77813)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77813"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
            },
            {
              "name": "IV24609",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-3316",
    "datePublished": "2013-02-20T11:00:00",
    "dateReserved": "2012-06-07T00:00:00",
    "dateUpdated": "2024-08-06T19:57:50.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4364 (GCVE-0-2019-4364)
Vulnerability from cvelistv5
Published
2019-06-19 13:30
Modified
2024-09-16 18:39
Severity ?
5.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C
CWE
  • Gain Privileges
Summary
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680.
References
Impacted products
Vendor Product Version
IBM Maximo Asset Management Version: 7.6
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:37.971Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
          },
          {
            "name": "ibm-maximo-cve20194364-code-exec (161680)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
          },
          {
            "name": "108910",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108910"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2019-06-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.8,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/S:U/C:L/I:L/UI:R/A:L/AC:L/AV:N/PR:L/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-27T12:06:04",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
        },
        {
          "name": "ibm-maximo-cve20194364-code-exec (161680)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
        },
        {
          "name": "108910",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108910"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-17T00:00:00",
          "ID": "CVE-2019-4364",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "L",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "U",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10887557",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 887557 (Maximo Asset Management)",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
            },
            {
              "name": "ibm-maximo-cve20194364-code-exec (161680)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
            },
            {
              "name": "108910",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108910"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4364",
    "datePublished": "2019-06-19T13:30:19.753226Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-16T18:39:05.036Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-3333 (GCVE-0-2012-3333)
Vulnerability from cvelistv5
Published
2014-05-26 10:00
Modified
2024-08-06 20:05
Severity ?
CWE
  • n/a
Summary
CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:05:10.802Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "IV26377",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV26377"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
          },
          {
            "name": "ibm-maximo-cve20123333-httprs(78145)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78145"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "IV26377",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV26377"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
        },
        {
          "name": "ibm-maximo-cve20123333-httprs(78145)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78145"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-3333",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IV26377",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV26377"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
            },
            {
              "name": "ibm-maximo-cve20123333-httprs(78145)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78145"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-3333",
    "datePublished": "2014-05-26T10:00:00",
    "dateReserved": "2012-06-07T00:00:00",
    "dateUpdated": "2024-08-06T20:05:10.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7395 (GCVE-0-2015-7395)
Vulnerability from cvelistv5
Published
2015-11-08 02:00
Modified
2024-08-06 07:51
Severity ?
CWE
  • n/a
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:51:27.264Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969072"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-11-08T02:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969072"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-7395",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21969072",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969072"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-7395",
    "datePublished": "2015-11-08T02:00:00",
    "dateReserved": "2015-09-29T00:00:00",
    "dateUpdated": "2024-08-06T07:51:27.264Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-2998 (GCVE-0-2013-2998)
Vulnerability from cvelistv5
Published
2014-05-26 10:00
Modified
2024-08-06 15:52
Severity ?
CWE
  • n/a
Summary
frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:52:21.683Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "IV34110",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV34110"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
          },
          {
            "name": "ibm-maximo-cve20132998-info-disc(84841)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84841"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "IV34110",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV34110"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
        },
        {
          "name": "ibm-maximo-cve20132998-info-disc(84841)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84841"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2013-2998",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IV34110",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV34110"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
            },
            {
              "name": "ibm-maximo-cve20132998-info-disc(84841)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84841"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2013-2998",
    "datePublished": "2014-05-26T10:00:00",
    "dateReserved": "2013-04-12T00:00:00",
    "dateUpdated": "2024-08-06T15:52:21.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-3321 (GCVE-0-2012-3321)
Vulnerability from cvelistv5
Published
2013-02-20 11:00
Modified
2024-08-06 19:57
Severity ?
CWE
  • n/a
Summary
IBM SmartCloud Control Desk 7.5 allows remote authenticated users to bypass intended access restrictions via vectors involving an expired password.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:57:50.501Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "mam-expiredpassword-security-bypass(77916)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77916"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
          },
          {
            "name": "IV25198",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV25198"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM SmartCloud Control Desk 7.5 allows remote authenticated users to bypass intended access restrictions via vectors involving an expired password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "mam-expiredpassword-security-bypass(77916)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77916"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
        },
        {
          "name": "IV25198",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV25198"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-3321",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM SmartCloud Control Desk 7.5 allows remote authenticated users to bypass intended access restrictions via vectors involving an expired password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "mam-expiredpassword-security-bypass(77916)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77916"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
            },
            {
              "name": "IV25198",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV25198"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-3321",
    "datePublished": "2013-02-20T11:00:00",
    "dateReserved": "2012-06-07T00:00:00",
    "dateUpdated": "2024-08-06T19:57:50.501Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-6194 (GCVE-0-2014-6194)
Vulnerability from cvelistv5
Published
2015-02-17 01:00
Modified
2024-08-06 12:10
Severity ?
CWE
  • n/a
Summary
Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:10:12.785Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-maximo-cve20146194-dir-traversal(98605)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98605"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694035"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-maximo-cve20146194-dir-traversal(98605)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98605"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694035"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-6194",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-maximo-cve20146194-dir-traversal(98605)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98605"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694035",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694035"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-6194",
    "datePublished": "2015-02-17T01:00:00",
    "dateReserved": "2014-09-02T00:00:00",
    "dateUpdated": "2024-08-06T12:10:12.785Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-3323 (GCVE-0-2013-3323)
Vulnerability from cvelistv5
Published
2020-02-18 16:03
Modified
2024-08-06 16:07
Severity ?
CWE
  • n/a
Summary
A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62685"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/235239"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-18T16:03:12",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/62685"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/235239"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-3323",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.securityfocus.com/bid/62685",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/bid/62685"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
            },
            {
              "name": "https://www.ibm.com/support/pages/node/235239",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/pages/node/235239"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-3323",
    "datePublished": "2020-02-18T16:03:12",
    "dateReserved": "2013-05-06T00:00:00",
    "dateUpdated": "2024-08-06T16:07:37.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-1933 (GCVE-0-2015-1933)
Vulnerability from cvelistv5
Published
2015-10-04 01:00
Modified
2024-08-06 05:02
Severity ?
CWE
  • n/a
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:02:41.775Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-10-04T02:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-1933",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-1933",
    "datePublished": "2015-10-04T01:00:00",
    "dateReserved": "2015-02-19T00:00:00",
    "dateUpdated": "2024-08-06T05:02:41.775Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-0914 (GCVE-0-2014-0914)
Vulnerability from cvelistv5
Published
2014-07-30 10:00
Modified
2024-08-06 09:27
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field.
References
http://www.securityfocus.com/bid/68839 vdb-entry, x_refsource_BID
http://secunia.com/advisories/59640 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/533110/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www-01.ibm.com/support/docview.wss?uid=swg21678885 x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679 vendor-advisory, x_refsource_AIXAPAR
http://secunia.com/advisories/59570 third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/91883 vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:20.253Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "68839",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/68839"
          },
          {
            "name": "59640",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59640"
          },
          {
            "name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885"
          },
          {
            "name": "IV56679",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679"
          },
          {
            "name": "59570",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59570"
          },
          {
            "name": "ibm-maximo-cve20140914-xss(91883)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-07-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "68839",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/68839"
        },
        {
          "name": "59640",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59640"
        },
        {
          "name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885"
        },
        {
          "name": "IV56679",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679"
        },
        {
          "name": "59570",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59570"
        },
        {
          "name": "ibm-maximo-cve20140914-xss(91883)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-0914",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "68839",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/68839"
            },
            {
              "name": "59640",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59640"
            },
            {
              "name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885"
            },
            {
              "name": "IV56679",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679"
            },
            {
              "name": "59570",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59570"
            },
            {
              "name": "ibm-maximo-cve20140914-xss(91883)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-0914",
    "datePublished": "2014-07-30T10:00:00",
    "dateReserved": "2014-01-06T00:00:00",
    "dateUpdated": "2024-08-06T09:27:20.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0747 (GCVE-0-2012-0747)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 18:38
Severity ?
CWE
  • n/a
Summary
SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
http://osvdb.org/85186 vdb-entry, x_refsource_OSVDB
http://www-01.ibm.com/support/docview.wss?uid=swg1IV16032 vendor-advisory, x_refsource_AIXAPAR
http://secunia.com/advisories/50551 third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21610081 x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/74731 vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:13.981Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "85186",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/85186"
          },
          {
            "name": "IV16032",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16032"
          },
          {
            "name": "50551",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50551"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
          },
          {
            "name": "ibm-maximo-sql-injection-iv16032(74731)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74731"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-09-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "85186",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/85186"
        },
        {
          "name": "IV16032",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16032"
        },
        {
          "name": "50551",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50551"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
        },
        {
          "name": "ibm-maximo-sql-injection-iv16032(74731)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74731"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0747",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "85186",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/85186"
            },
            {
              "name": "IV16032",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16032"
            },
            {
              "name": "50551",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50551"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
            },
            {
              "name": "ibm-maximo-sql-injection-iv16032(74731)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74731"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0747",
    "datePublished": "2012-09-10T17:00:00",
    "dateReserved": "2012-01-17T00:00:00",
    "dateUpdated": "2024-08-06T18:38:13.981Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-0714 (GCVE-0-2012-0714)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 18:30
Severity ?
CWE
  • n/a
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
http://osvdb.org/85179 vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/50551 third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/73534 vdb-entry, x_refsource_XF
http://www-01.ibm.com/support/docview.wss?uid=swg21610081 x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg1IV16085 vendor-advisory, x_refsource_AIXAPAR
http://www-01.ibm.com/support/docview.wss?uid=swg1IV16497 vendor-advisory, x_refsource_AIXAPAR
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:30:54.163Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "85179",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/85179"
          },
          {
            "name": "50551",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50551"
          },
          {
            "name": "ibm-maximo-csrf(73534)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73534"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
          },
          {
            "name": "IV16085",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16085"
          },
          {
            "name": "IV16497",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16497"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-09-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "85179",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/85179"
        },
        {
          "name": "50551",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50551"
        },
        {
          "name": "ibm-maximo-csrf(73534)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73534"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
        },
        {
          "name": "IV16085",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16085"
        },
        {
          "name": "IV16497",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16497"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0714",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "85179",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/85179"
            },
            {
              "name": "50551",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50551"
            },
            {
              "name": "ibm-maximo-csrf(73534)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73534"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
            },
            {
              "name": "IV16085",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16085"
            },
            {
              "name": "IV16497",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16497"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0714",
    "datePublished": "2012-09-10T17:00:00",
    "dateReserved": "2012-01-17T00:00:00",
    "dateUpdated": "2024-08-06T18:30:54.163Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7487 (GCVE-0-2015-7487)
Vulnerability from cvelistv5
Published
2016-01-27 02:00
Modified
2024-08-06 07:51
Severity ?
CWE
  • n/a
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:51:28.088Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974537"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-01-27T04:57:02",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974537"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-7487",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21974537",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974537"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-7487",
    "datePublished": "2016-01-27T02:00:00",
    "dateReserved": "2015-09-29T00:00:00",
    "dateUpdated": "2024-08-06T07:51:28.088Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1528 (GCVE-0-2018-1528)
Vulnerability from cvelistv5
Published
2018-08-06 14:00
Modified
2024-09-17 03:17
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CWE
  • Obtain Information
Summary
IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290.
References
Impacted products
Vendor Product Version
IBM Maximo Asset Management Version: 7.6
Version: 7.6.0
Version: 7.6.0.1
Version: 7.6.1
Version: 7.6.2
Version: 7.6.2.1
Version: 7.6.2.2
Version: 7.6.2.3
Version: 7.6.2.4
Version: 7.6.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:42.921Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=swg22017450"
          },
          {
            "name": "105023",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105023"
          },
          {
            "name": "ibm-maximo-cve20181528-info-disc(142290)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142290"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6"
            },
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "status": "affected",
              "version": "7.6.0.1"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.6.2.1"
            },
            {
              "status": "affected",
              "version": "7.6.2.2"
            },
            {
              "status": "affected",
              "version": "7.6.2.3"
            },
            {
              "status": "affected",
              "version": "7.6.2.4"
            },
            {
              "status": "affected",
              "version": "7.6.3"
            }
          ]
        }
      ],
      "datePublic": "2018-07-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-09T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=swg22017450"
        },
        {
          "name": "105023",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105023"
        },
        {
          "name": "ibm-maximo-cve20181528-info-disc(142290)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142290"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-07-31T00:00:00",
          "ID": "CVE-2018-1528",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6"
                          },
                          {
                            "version_value": "7.6.0"
                          },
                          {
                            "version_value": "7.6.0.1"
                          },
                          {
                            "version_value": "7.6.1"
                          },
                          {
                            "version_value": "7.6.2"
                          },
                          {
                            "version_value": "7.6.2.1"
                          },
                          {
                            "version_value": "7.6.2.2"
                          },
                          {
                            "version_value": "7.6.2.3"
                          },
                          {
                            "version_value": "7.6.2.4"
                          },
                          {
                            "version_value": "7.6.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=swg22017450",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=swg22017450"
            },
            {
              "name": "105023",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105023"
            },
            {
              "name": "ibm-maximo-cve20181528-info-disc(142290)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142290"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1528",
    "datePublished": "2018-08-06T14:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-17T03:17:22.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-2183 (GCVE-0-2012-2183)
Vulnerability from cvelistv5
Published
2012-09-10 17:00
Modified
2024-08-06 19:26
Severity ?
CWE
  • n/a
Summary
Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/75776 vdb-entry, x_refsource_XF
http://www-01.ibm.com/support/docview.wss?uid=swg1IV09212 vendor-advisory, x_refsource_AIXAPAR
http://osvdb.org/85185 vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/50551 third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21610081 x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:08.587Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-maximo-session-fixation-iv09212(75776)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75776"
          },
          {
            "name": "IV09212",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09212"
          },
          {
            "name": "85185",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/85185"
          },
          {
            "name": "50551",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50551"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-09-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-maximo-session-fixation-iv09212(75776)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75776"
        },
        {
          "name": "IV09212",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09212"
        },
        {
          "name": "85185",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/85185"
        },
        {
          "name": "50551",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50551"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-2183",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-maximo-session-fixation-iv09212(75776)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75776"
            },
            {
              "name": "IV09212",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09212"
            },
            {
              "name": "85185",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/85185"
            },
            {
              "name": "50551",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50551"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-2183",
    "datePublished": "2012-09-10T17:00:00",
    "dateReserved": "2012-04-04T00:00:00",
    "dateUpdated": "2024-08-06T19:26:08.587Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-5464 (GCVE-0-2013-5464)
Vulnerability from cvelistv5
Published
2014-05-26 16:00
Modified
2024-08-06 17:15
Severity ?
CWE
  • n/a
Summary
IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and modify physical counts associated with restricted storerooms, via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.331Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "IV46277",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46277"
          },
          {
            "name": "ibm-maximo-cve20135464-storerooms(88362)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88362"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and modify physical counts associated with restricted storerooms, via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "IV46277",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46277"
        },
        {
          "name": "ibm-maximo-cve20135464-storerooms(88362)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88362"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2013-5464",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and modify physical counts associated with restricted storerooms, via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IV46277",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46277"
            },
            {
              "name": "ibm-maximo-cve20135464-storerooms(88362)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88362"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2013-5464",
    "datePublished": "2014-05-26T16:00:00",
    "dateReserved": "2013-08-22T00:00:00",
    "dateUpdated": "2024-08-06T17:15:20.331Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4303 (GCVE-0-2019-4303)
Vulnerability from cvelistv5
Published
2019-06-19 13:30
Modified
2024-09-16 23:00
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C
CWE
  • Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949.
References
Impacted products
Vendor Product Version
IBM Maximo Asset Management Version: 7.6
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:38.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
          },
          {
            "name": "ibm-maximo-cve20194303-xss (160949)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
          },
          {
            "name": "108912",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108912"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2019-06-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/C:L/I:L/S:C/A:N/AC:L/UI:R/AV:N/PR:L/RL:O/RC:C/E:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-27T13:06:08",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
        },
        {
          "name": "ibm-maximo-cve20194303-xss (160949)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
        },
        {
          "name": "108912",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108912"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-17T00:00:00",
          "ID": "CVE-2019-4303",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "L",
              "I": "L",
              "PR": "L",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "H",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10887563",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 887563 (Maximo Asset Management)",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
            },
            {
              "name": "ibm-maximo-cve20194303-xss (160949)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
            },
            {
              "name": "108912",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108912"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4303",
    "datePublished": "2019-06-19T13:30:19.709079Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-16T23:00:36.112Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4048 (GCVE-0-2019-4048)
Vulnerability from cvelistv5
Published
2019-06-06 00:35
Modified
2024-09-16 17:59
Severity ?
2.1 (Low) - CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CWE
  • Obtain Information
Summary
IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.
References
Impacted products
Vendor Product Version
IBM Maximo Asset Management Version: 7.6
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:26:27.989Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147"
          },
          {
            "name": "ibm-maximo-cve20194048-info-disc (156311)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156311"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2019-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 1.9,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/C:L/S:U/UI:N/A:N/I:N/PR:L/AV:P/AC:L/RL:O/E:U/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-06T00:35:18",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147"
        },
        {
          "name": "ibm-maximo-cve20194048-info-disc (156311)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156311"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-06-03T00:00:00",
          "ID": "CVE-2019-4048",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "P",
              "C": "L",
              "I": "N",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10880147",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 880147 (Maximo Asset Management)",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147"
            },
            {
              "name": "ibm-maximo-cve20194048-info-disc (156311)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156311"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4048",
    "datePublished": "2019-06-06T00:35:18.759822Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-16T17:59:00.803Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2014-05-26 11:14
Modified
2025-04-12 10:46
Severity ?
Summary
frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV34110
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21670870Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/84841
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV34110
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21670870Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/84841
Impacted products
Vendor Product Version
ibm smartcloud_control_desk 7.0
ibm smartcloud_control_desk 7.5
ibm smartcloud_control_desk 7.5.0.0
ibm smartcloud_control_desk 7.5.0.1
ibm smartcloud_control_desk 7.5.0.2
ibm smartcloud_control_desk 7.5.1.0
ibm smartcloud_control_desk 7.5.1.1
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12
ibm maximo_asset_management 7.1.2
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code."
    },
    {
      "lang": "es",
      "value": "frontcontroller.jsp en IBM Maximo Asset Management 7.x anterior a 7.5.0.6 y SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de un action_code inv\u00e1lido."
    }
  ],
  "id": "CVE-2013-2998",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-26T11:14:51.187",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV34110"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV34110"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84841"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-08-03 15:29
Modified
2024-11-21 03:59
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/142116VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/docview.wss?uid=swg22017452Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/142116VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/docview.wss?uid=swg22017452Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm maximo_asset_management *
ibm maximo_for_aviation 7.6.0.0
ibm maximo_for_aviation 7.6.1.0
ibm maximo_for_aviation 7.6.2.0
ibm maximo_for_aviation 7.6.2.1
ibm maximo_for_aviation 7.6.3.0
ibm maximo_for_life_sciences 7.6.0.0
ibm maximo_for_nuclear_power 7.6.0.0
ibm maximo_for_oil_and_gas 7.5.0.0
ibm maximo_for_oil_and_gas 7.6.0.0
ibm maximo_for_transportation 7.6.1.0
ibm maximo_for_transportation 7.6.2.0
ibm maximo_for_transportation 7.6.2.1
ibm maximo_for_transportation 7.6.2.2
ibm maximo_for_transportation 7.6.2.3
ibm maximo_for_transportation 7.6.2.4
ibm maximo_for_utilities 7.6.0.0
ibm smartcloud_control_desk 7.6.0.0
ibm smartcloud_control_desk 7.6.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DCFD28A-B0AD-4FA5-9774-A92220F29970",
              "versionEndIncluding": "7.6.3.0",
              "versionStartIncluding": "7.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "60F3899C-18C5-4A64-92EC-83C73EBEE057",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "95583119-EC0D-4C54-BDA3-8E02A2466870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "305E7DA7-1E2E-407A-9362-CF57C0D4AD6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B780FAB9-B58D-4622-B2B4-97662B9421CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBA93D8B-45B2-445C-85CB-FB594D1746F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F39E45D-3415-45E2-9852-46C0AA109B72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651E3E5-5A2C-468E-B686-662DDC162644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B428BE8-BDFF-488A-91E8-E70613589640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FCC6013-BE3C-4C7D-BA7A-49529F0697C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB777BBB-7969-4D0D-89A6-C0E2FC9B2569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "800B9C4C-70D7-4E3D-86BD-1855B14910F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54B1037D-F4D1-4CD6-BBD7-6E72EB4A1620",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management, de la versi\u00f3n 7.6 a la 7.6.3, se instala con una cuenta de administrador por defecto que podr\u00eda ser empleada por un atacante remoto para obtener acceso de administrador al sistema. Esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2015-4966. IBM X-Force ID: 142116."
    }
  ],
  "id": "CVE-2018-1524",
  "lastModified": "2024-11-21T03:59:57.687",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-08-03T15:29:00.340",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142116"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=swg22017452"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142116"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=swg22017452"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1188"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-05-26 16:55
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV46511
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21670870Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/88364
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21670870Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/88364
Impacted products
Vendor Product Version
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm change_and_configuration_management_database 7.1.1.7
ibm change_and_configuration_management_database 7.1.1.11
ibm change_and_configuration_management_database 7.1.1.12
ibm maximo_service_desk 7.1.1.7
ibm maximo_service_desk 7.1.1.11
ibm maximo_service_desk 7.1.1.12
ibm tivoli_asset_management_for_it 7.0
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_it_asset_management_for_it 7.1.1.7
ibm tivoli_it_asset_management_for_it 7.1.1.11
ibm tivoli_it_asset_management_for_it 7.1.1.12
ibm tivoli_service_request_manager 7.0
ibm tivoli_service_request_manager 7.1.0.0
ibm tivoli_service_request_manager 7.1.1
ibm tivoli_service_request_manager 7.1.1.7
ibm tivoli_service_request_manager 7.1.1.11
ibm tivoli_service_request_manager 7.1.1.12
ibm smartcloud_control_desk 7.0
ibm smartcloud_control_desk 7.5
ibm smartcloud_control_desk 7.5.0.0
ibm smartcloud_control_desk 7.5.0.1
ibm smartcloud_control_desk 7.5.0.2
ibm smartcloud_control_desk 7.5.1.0
ibm smartcloud_control_desk 7.5.1.1
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C548662-04F7-49DD-B4B4-8C6DDA5DF7AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E15FC98-D8AB-4D9C-9842-85138A2FECF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "250FC595-3DB0-4860-9FF1-AC0215A9D3C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "805706EB-A82E-465D-BB3F-33AD6415FB89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "186498FC-A8BD-4EA3-96C7-1A21983BB2BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "396F80FF-BD2E-46A4-8A44-21CC35F42E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "69534F90-265A-4313-951D-D0A52AEF9C1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "67A0292F-FDFE-42A6-92FC-F26596C4D23C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8D102E6-18FF-4BC7-83BC-77946101864C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1227364D-5BF3-4F7D-A4BA-22DE823A5C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8506BB5F-F390-4981-A5D5-FAEF9F410172",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "63EA5235-E946-487D-A875-537B87B2638E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CC0184C-0593-4C37-AC63-5B09FD21B3B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.x anterior a 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 anterior a IFIX.20140323-0749, 7.1.1.12 anterior a IFIX.20140321-1336, 7.5.x anterior a 7.5.0.3 IFIX027 y 7.5.0.4 anterior a IFIX011; SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 y Tivoli IT Asset Management For IT, Tivoli Service Request Manager, Maximo Service Desk y Change And Configuration Management Database (CCMDB) 7.x anterior a 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 anterior a IFIX.20140207-1801 y 7.1.1.12 anterior a IFIX.20140218-1510 no restringen debidamente tipos de archivo durante subidas, lo que permite a usuarios remotos autenticados tener un impacto no especificado a trav\u00e9s de un tipo inv\u00e1lido."
    }
  ],
  "id": "CVE-2013-5465",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-26T16:55:02.927",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88364"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88364"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-05-26 16:55
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV50316
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21670870Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/89857
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21670870Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/89857
Impacted products
Vendor Product Version
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm change_and_configuration_management_database 7.1.1.7
ibm maximo_service_desk 7.1.1.7
ibm tivoli_asset_management_for_it 7.0
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_it_asset_management_for_it 7.1.1.7
ibm tivoli_service_request_manager 7.0
ibm tivoli_service_request_manager 7.1.0.0
ibm tivoli_service_request_manager 7.1.1
ibm tivoli_service_request_manager 7.1.1.7
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5
ibm smartcloud_control_desk 7.0
ibm smartcloud_control_desk 7.5
ibm smartcloud_control_desk 7.5.0.0
ibm smartcloud_control_desk 7.5.0.1
ibm smartcloud_control_desk 7.5.0.2
ibm smartcloud_control_desk 7.5.1.0
ibm smartcloud_control_desk 7.5.1.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C548662-04F7-49DD-B4B4-8C6DDA5DF7AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "805706EB-A82E-465D-BB3F-33AD6415FB89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "69534F90-265A-4313-951D-D0A52AEF9C1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1227364D-5BF3-4F7D-A4BA-22DE823A5C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8506BB5F-F390-4981-A5D5-FAEF9F410172",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.x anterior a 7.1.1.7 LAFIX.20140319-0837 y 7.5.x anterior a 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 y Tivoli IT Asset Management For IT, Tivoli Service Request Manager, Maximo Service Desk y Change And Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 permite a usuarios remotos autenticados obtener informaci\u00f3n de traza de pila potencialmente sensible mediante la provocaci\u00f3n de un error Birt."
    }
  ],
  "id": "CVE-2013-6741",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-26T16:55:03.003",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89857"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89857"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
psirt@us.ibm.comhttp://secunia.com/advisories/50551Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV17963
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21610081
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/74306
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50551Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV17963
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21610081
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/74306
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 6.0
ibm change_and_configuration_management_database 7.0
ibm maximo_asset_management 7.5.0.0
ibm maximo_service_desk 6.2
ibm smartcloud_control_desk 7.0
ibm tivoli_asset_management_for_it 6.0
ibm tivoli_asset_management_for_it 6.2
ibm tivoli_asset_management_for_it 7.0
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Maximo Asset Management 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Gesti\u00f3n de Activos de TI de Tivoli, Tivoli Service Request, Informaci\u00f3n Maximo Service, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a usuarios remotos autenticados ejecutar SQL arbitrario \u00f3rdenes a trav\u00e9s de vectores"
    }
  ],
  "id": "CVE-2012-0727",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-09-10T17:55:01.070",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50551"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17963"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17963"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74306"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-05-26 16:55
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and modify physical counts associated with restricted storerooms, via unspecified vectors.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV46277
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21670870Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/88362
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV46277
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21670870Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/88362
Impacted products
Vendor Product Version
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5
ibm smartcloud_control_desk 7.0
ibm smartcloud_control_desk 7.5
ibm smartcloud_control_desk 7.5.0.0
ibm smartcloud_control_desk 7.5.0.1
ibm smartcloud_control_desk 7.5.0.2
ibm smartcloud_control_desk 7.5.1.0
ibm smartcloud_control_desk 7.5.1.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and modify physical counts associated with restricted storerooms, via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.5.x anterior a 7.5.0.3 IFIX027, 7.5.0.4 anterior a IFIX011 y 7.5.0.5 anterior a IFIX006 y SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 permiten a usuarios remotos autenticados evadir restricciones de acceso, y modificar recuentos f\u00edsicos asociados con almacenes restringidos, a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2013-5464",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-26T16:55:02.863",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46277"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88362"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46277"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88362"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-02-20 12:09
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV24609
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21625624Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/77813
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21625624Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/77813
Impacted products
Vendor Product Version
ibm maximo_asset_management 6.2
ibm maximo_asset_management 6.2.1
ibm maximo_asset_management 6.2.2
ibm maximo_asset_management 6.2.3
ibm maximo_asset_management 6.2.4
ibm maximo_asset_management 6.2.5
ibm maximo_asset_management 6.2.6
ibm maximo_asset_management 6.2.6.1
ibm maximo_asset_management 6.2.7
ibm maximo_asset_management 6.2.8
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management_essentials 6.2.0.0
ibm maximo_asset_management_essentials 7.5.0.0
ibm tivoli_asset_management_for_it 6.0
ibm tivoli_asset_management_for_it 6.2
ibm tivoli_asset_management_for_it 7.0
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.1.0
ibm tivoli_service_request_manager 7.1.0.0
ibm tivoli_service_request_manager 7.2.0.0
ibm maximo_service_desk 6.2
ibm change_and_configuration_management_database 7.1
ibm change_and_configuration_management_database 7.2.0
ibm smartcloud_control_desk 7.5.0.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2446CA6E-D316-4239-8FDC-436643EB35EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad XSS en Tivoli Process Automation Engine (TPAE) en IBM Maximo Asset Management v6.2 a la v7.5, Maximo Asset Management Essentials v6.2 a la v7.5, Tivoli Asset Management para IT v6.2 a la v7.2, Tivoli Service Request Manager v7.1 a la v7.2, Maximo Service Desk v6.2, Change y Configuration Management Database (CCMDB) v7.1 y v7.2, y SmartCloud Control Desk v7.5, permite a usuarios autenticados remotamente inyectar secuencias de comandos web y HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2012-3316",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-02-20T12:09:21.803",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77813"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-02-20 12:09
Modified
2025-04-11 00:51
Severity ?
Summary
IBM SmartCloud Control Desk 7.5 allows remote authenticated users to bypass intended access restrictions via vectors involving an expired password.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV25198
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21625624Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/77916
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV25198
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21625624Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/77916
Impacted products
Vendor Product Version
ibm smartcloud_control_desk 7.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM SmartCloud Control Desk 7.5 allows remote authenticated users to bypass intended access restrictions via vectors involving an expired password."
    },
    {
      "lang": "es",
      "value": "IBM SmartCloud Control Desk v7.5, permite a usuarios autenticados remotamente evitar las restricciones de acceso implementadas a trav\u00e9s de vectores que involucran a la caducidad de la contrase\u00f1a."
    }
  ],
  "id": "CVE-2012-3321",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-02-20T12:09:21.897",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV25198"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77916"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV25198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77916"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-02-20 12:09
Modified
2025-04-11 00:51
Severity ?
Summary
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV27329
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21625624Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/80748
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV27329
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21625624Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/80748
Impacted products
Vendor Product Version
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management_essentials 7.5.0.0
ibm smartcloud_control_desk 7.5.0.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, y SmartCloud Control Desk 7.5 permite a usuarios remotos autenticados para obtener privilegios a trav\u00e9s de vectores relacionados con una operaci\u00f3n de importaci\u00f3n."
    }
  ],
  "id": "CVE-2012-6356",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-02-20T12:09:22.520",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV27329"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80748"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV27329"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80748"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-06 01:29
Modified
2024-11-21 04:03
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/155554VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/docview.wss?uid=ibm10880145Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/155554VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/docview.wss?uid=ibm10880145Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm control_desk 7.6.0
ibm control_desk 7.6.0.1
ibm maximo_asset_management 7.6
ibm maximo_for_aviation 7.6
ibm maximo_for_aviation 7.6.1
ibm maximo_for_aviation 7.6.2
ibm maximo_for_aviation 7.6.2.1
ibm maximo_for_aviation 7.6.3
ibm maximo_for_life_sciences 7.6
ibm maximo_for_nuclear_power 7.6.0
ibm maximo_for_oil_and_gas 7.6.0
ibm maximo_for_transportation 7.6.1
ibm maximo_for_transportation 7.6.2
ibm maximo_for_transportation 7.6.2.1
ibm maximo_for_transportation 7.6.2.2
ibm maximo_for_transportation 7.6.2.3
ibm maximo_for_transportation 7.6.2.4
ibm maximo_for_utilities 7.6
ibm smartcloud_control_desk -
ibm tivoli_integration_composer -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management versi\u00f3n 7.6 podr\u00eda permitir que un usuario autenticado sustituya una p\u00e1gina de destino por un sitio de phishing, lo que permitir\u00eda al atacante obtener informaci\u00f3n muy confidencial. ID de IBM X-Force: 155554."
    }
  ],
  "id": "CVE-2018-2028",
  "lastModified": "2024-11-21T04:03:36.460",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-06T01:29:00.227",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-312"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
psirt@us.ibm.comhttp://secunia.com/advisories/50551Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV20344
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21610081
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/77960
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50551Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV20344
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21610081
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/77960
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 6.0
ibm change_and_configuration_management_database 7.0
ibm maximo_asset_management 7.5.0.0
ibm maximo_service_desk 6.2
ibm smartcloud_control_desk 7.0
ibm tivoli_asset_management_for_it 6.0
ibm tivoli_asset_management_for_it 6.2
ibm tivoli_asset_management_for_it 7.0
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Tivoli Asset Management for IT, Tivoli Service Request, Informaci\u00f3n Maximo Service, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2012-3326",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-09-10T17:55:01.537",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50551"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20344"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77960"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20344"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77960"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.
References
psirt@us.ibm.comhttp://secunia.com/advisories/50551Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV19887
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21610081
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/75780
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50551Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV19887
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21610081
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/75780
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 6.0
ibm change_and_configuration_management_database 7.0
ibm maximo_asset_management 7.1.0.0
ibm maximo_asset_management 7.5.0.0
ibm maximo_service_desk 6.2
ibm smartcloud_control_desk 7.0
ibm tivoli_asset_management_for_it 6.0
ibm tivoli_asset_management_for_it 6.2
ibm tivoli_asset_management_for_it 7.0
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0265899D-68B5-4C15-997E-28F485D8B9D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en IBM Maximo Asset Management 7.1 a 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Gesti\u00f3n de Activos de TI de Tivoli, Tivoli Service Request, Informaci\u00f3n Maximo Service, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a atacantes remotos secuestrar sesiones web a trav\u00e9s de vectores no especificados."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/384.html \u0027CWE-384: Session Fixation\u0027",
  "id": "CVE-2012-2184",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-09-10T17:55:01.413",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50551"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV19887"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV19887"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75780"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-07-30 11:15
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field.
References
psirt@us.ibm.comhttp://secunia.com/advisories/59570
psirt@us.ibm.comhttp://secunia.com/advisories/59640
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV56679
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21678885Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/archive/1/533110/100/0/threaded
psirt@us.ibm.comhttp://www.securityfocus.com/bid/68839
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/91883
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59570
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59640
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21678885Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/533110/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/68839
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/91883
Impacted products
Vendor Product Version
ibm maximo_asset_management 6.2
ibm maximo_asset_management 6.2.1
ibm maximo_asset_management 6.2.2
ibm maximo_asset_management 6.2.3
ibm maximo_asset_management 6.2.4
ibm maximo_asset_management 6.2.5
ibm maximo_asset_management 6.2.6
ibm maximo_asset_management 6.2.6.1
ibm maximo_asset_management 6.2.7
ibm maximo_asset_management 6.2.8
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12
ibm maximo_asset_management 7.1.2
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5
ibm maximo_asset_management 7.5.0.6
ibm maximo_asset_management 7.5.0.10
ibm maximo_asset_management_essentials *
ibm maximo_asset_management_essentials 6.2.0.0
ibm maximo_asset_management_essentials 7.1
ibm maximo_asset_management_essentials 7.5.0.0
ibm maximo_asset_management_essentials 7.5.0.1
ibm maximo_asset_management_essentials 7.5.0.2
ibm maximo_asset_management_essentials 7.5.0.3
ibm maximo_asset_management_essentials 7.5.0.4
ibm maximo_asset_management_essentials 7.5.0.5
ibm maximo_for_government *
ibm maximo_for_government 7.1
ibm maximo_for_government 7.5.0.0
ibm maximo_for_government 7.5.0.1
ibm maximo_for_government 7.5.0.2
ibm maximo_for_government 7.5.0.3
ibm maximo_for_government 7.5.0.4
ibm maximo_for_government 7.5.0.5
ibm maximo_for_life_sciences *
ibm maximo_for_life_sciences 7.1
ibm maximo_for_life_sciences 7.5.0.0
ibm maximo_for_life_sciences 7.5.0.1
ibm maximo_for_life_sciences 7.5.0.2
ibm maximo_for_life_sciences 7.5.0.3
ibm maximo_for_life_sciences 7.5.0.4
ibm maximo_for_life_sciences 7.5.0.5
ibm maximo_for_nuclear_power *
ibm maximo_for_nuclear_power 7.1
ibm maximo_for_nuclear_power 7.5.0.0
ibm maximo_for_nuclear_power 7.5.0.1
ibm maximo_for_nuclear_power 7.5.0.2
ibm maximo_for_nuclear_power 7.5.0.3
ibm maximo_for_nuclear_power 7.5.0.4
ibm maximo_for_nuclear_power 7.5.0.5
ibm maximo_for_oil_and_gas *
ibm maximo_for_oil_and_gas 7.1
ibm maximo_for_oil_and_gas 7.5.0.0
ibm maximo_for_oil_and_gas 7.5.0.1
ibm maximo_for_oil_and_gas 7.5.0.2
ibm maximo_for_oil_and_gas 7.5.0.3
ibm maximo_for_oil_and_gas 7.5.0.4
ibm maximo_for_oil_and_gas 7.5.0.5
ibm maximo_for_transportation *
ibm maximo_for_transportation 7.1
ibm maximo_for_transportation 7.5.0.0
ibm maximo_for_transportation 7.5.0.1
ibm maximo_for_transportation 7.5.0.2
ibm maximo_for_transportation 7.5.0.3
ibm maximo_for_transportation 7.5.0.4
ibm maximo_for_transportation 7.5.0.5
ibm maximo_for_utilities *
ibm maximo_for_utilities 7.1
ibm maximo_for_utilities 7.5.0.0
ibm maximo_for_utilities 7.5.0.1
ibm maximo_for_utilities 7.5.0.2
ibm maximo_for_utilities 7.5.0.3
ibm maximo_for_utilities 7.5.0.4
ibm maximo_for_utilities 7.5.0.5
ibm maximo_service_desk *
ibm smartcloud_control_desk *
ibm smartcloud_control_desk 7.5
ibm smartcloud_control_desk 7.5.0.0
ibm smartcloud_control_desk 7.5.0.1
ibm smartcloud_control_desk 7.5.0.2
ibm smartcloud_control_desk 7.5.0.3
ibm smartcloud_control_desk 7.5.1.0
ibm smartcloud_control_desk 7.5.1.1
ibm smartcloud_control_desk 7.5.1.2
ibm tivoli_it_asset_management_for_it *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F456DA-8995-43E2-91A0-B20B070F26A0",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "106F6572-D362-4040-A878-67B2ACCEA161",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "084AF336-B44B-4B4C-86AB-82197C9410D1",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF5E8225-885D-4FB8-9706-97D559DDF4CF",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "271DF14A-0466-4ACF-B4CE-A5AAC7E0F9A5",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F350C06-CF48-43FE-BDB3-1F1E31332E25",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A202F4B-6814-4F85-837C-1655D316ADC0",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "882C1071-A3C3-4CD6-905B-9D8E32A37120",
              "versionEndIncluding": "6.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEA6D104-64DA-47CE-A0CB-589C93A0B3DC",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A204032-17C7-4617-AB29-589903A2B9C3",
              "versionEndIncluding": "6.2.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 6.2 hasta 6.2.8 y 6.x y 7.x hasta 7.5.0.6, Maximo Asset Management 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk y Maximo Asset Management 6.2 hasta 6.2.8 para Tivoli IT Asset Management for IT y Maximo Service Desk permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del campo Query Description."
    }
  ],
  "id": "CVE-2014-0914",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-07-30T11:15:33.177",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/59570"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/59640"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/68839"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59570"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/68839"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-01-03 05:59
Modified
2025-04-12 10:46
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21969052Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21969052Vendor Advisory
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 7.1
ibm change_and_configuration_management_database 7.2
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.5
ibm maximo_asset_management 7.6
ibm maximo_asset_management_essentials 7.1
ibm maximo_asset_management_essentials 7.5
ibm maximo_for_energy_optimization 7.1
ibm maximo_for_government 7.1
ibm maximo_for_government 7.5
ibm maximo_for_life_sciences 7.1
ibm maximo_for_life_sciences 7.5
ibm maximo_for_life_sciences 7.6
ibm maximo_for_nuclear_power 7.1
ibm maximo_for_nuclear_power 7.5
ibm maximo_for_oil_and_gas 7.1
ibm maximo_for_oil_and_gas 7.5
ibm maximo_for_transportation 7.1
ibm maximo_for_transportation 7.5
ibm maximo_for_utilities 7.1
ibm maximo_for_utilities 7.5
ibm smartcloud_control_desk 7.5
ibm smartcloud_control_desk 7.6
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.1
ibm tivoli_service_request_manager 7.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX005 y 7.6.0 en versiones anteriores a 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 en versiones anteriores a 7.5.0.8 IFIX005, 7.5.1 y 7.6.0 en versiones anteriores a 7.6.0.2 IFIX002 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros ciertos productos permite a usuarios remotos autenticados eludir las restricciones de acceso previstas y llevar a cabo un inicio de sesi\u00f3n introduciendo una contrase\u00f1a caducada."
    }
  ],
  "id": "CVE-2015-5017",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-03T05:59:03.897",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-05-26 16:55
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV53362
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21670870Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/90501
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21670870Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/90501
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 7.0
ibm change_and_configuration_management_database 7.1
ibm change_and_configuration_management_database 7.1.1.7
ibm change_and_configuration_management_database 7.1.1.11
ibm change_and_configuration_management_database 7.1.1.12
ibm maximo_service_desk 7.1.1.7
ibm maximo_service_desk 7.1.1.11
ibm maximo_service_desk 7.1.1.12
ibm tivoli_it_asset_management_for_it 7.1.1.7
ibm tivoli_it_asset_management_for_it 7.1.1.11
ibm tivoli_it_asset_management_for_it 7.1.1.12
ibm tivoli_service_request_manager 7.0
ibm tivoli_service_request_manager 7.1.0
ibm tivoli_service_request_manager 7.1.0.0
ibm tivoli_service_request_manager 7.1.1
ibm tivoli_service_request_manager 7.1.1.7
ibm tivoli_service_request_manager 7.1.1.11
ibm tivoli_service_request_manager 7.1.1.12
ibm smartcloud_control_desk 7.0
ibm smartcloud_control_desk 7.5
ibm smartcloud_control_desk 7.5.0.0
ibm smartcloud_control_desk 7.5.0.1
ibm smartcloud_control_desk 7.5.0.2
ibm smartcloud_control_desk 7.5.1.0
ibm smartcloud_control_desk 7.5.1.1
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C548662-04F7-49DD-B4B4-8C6DDA5DF7AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E15FC98-D8AB-4D9C-9842-85138A2FECF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "250FC595-3DB0-4860-9FF1-AC0215A9D3C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "805706EB-A82E-465D-BB3F-33AD6415FB89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "186498FC-A8BD-4EA3-96C7-1A21983BB2BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "396F80FF-BD2E-46A4-8A44-21CC35F42E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "69534F90-265A-4313-951D-D0A52AEF9C1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "67A0292F-FDFE-42A6-92FC-F26596C4D23C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8D102E6-18FF-4BC7-83BC-77946101864C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1227364D-5BF3-4F7D-A4BA-22DE823A5C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8506BB5F-F390-4981-A5D5-FAEF9F410172",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "63EA5235-E946-487D-A875-537B87B2638E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CC0184C-0593-4C37-AC63-5B09FD21B3B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en openreport.jsp en IBM Maximo Asset Management 7.x anterior a 7.1.1.12 IFIX.20140321-1336 y 7.5.x anterior a 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 y Tivoli IT Asset Management For IT, Tivoli Service Request Manager, Maximo Service Desk y Change And Configuration Management Database (CCMDB) 7.x anterior a 7.1.1.12 IFIX.20140218-1510 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un par\u00e1metro report manipulado."
    }
  ],
  "id": "CVE-2014-0825",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-05-26T16:55:03.130",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90501"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90501"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-02-17 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21695597Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/96141
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21695597Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/96141
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 7.1
ibm change_and_configuration_management_database 7.2
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12
ibm maximo_asset_management 7.1.1.13
ibm maximo_asset_management 7.1.2
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5
ibm maximo_asset_management 7.5.0.6
ibm maximo_asset_management 7.5.0.10
ibm maximo_asset_management_essentials 7.1
ibm maximo_asset_management_essentials 7.5.0.0
ibm maximo_for_government 7.1
ibm maximo_for_government 7.5.0.0
ibm maximo_for_life_sciences 7.1
ibm maximo_for_life_sciences 7.5.0.0
ibm maximo_for_nuclear_power 7.1
ibm maximo_for_nuclear_power 7.5.0.0
ibm maximo_for_oil_and_gas 7.1
ibm maximo_for_oil_and_gas 7.5.0.0
ibm maximo_for_transportation 7.1
ibm maximo_for_transportation 7.5.0.0
ibm maximo_for_utilities 7.1
ibm maximo_for_utilities 7.5.0.0
ibm smartcloud_control_desk 7.5.0.1
ibm smartcloud_control_desk 7.5.0.2
ibm smartcloud_control_desk 7.5.0.3
ibm smartcloud_control_desk 7.5.0.5
ibm smartcloud_control_desk 7.5.1.0
ibm smartcloud_control_desk 7.5.1.1
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.1
ibm tivoli_service_request_manager 7.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "397FB717-6568-4037-8D7F-D31CF18E0782",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.5.0 anterior a 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, y Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos no manejan correctamente las acciones de cierre de sesi\u00f3n, lo que permite a atacantes remotos evadir las restricciones de acceso a Cognos BI Direct Integration mediante el aprovechamiento de un estaci\u00f3n de trabajo desatendida."
    }
  ],
  "evaluatorComment": "Per an \u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21695597\"\u003eIBM Security Bulletin\u003c/a\u003e IBM identifies access vector as local",
  "id": "CVE-2014-6102",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-02-17T01:59:00.053",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-01-02 05:59
Modified
2025-04-12 10:46
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21972423Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21972423Vendor Advisory
Impacted products
Vendor Product Version
ibm maximo_asset_management 7.5
ibm maximo_asset_management 7.6
ibm maximo_asset_management_essentials 7.5
ibm maximo_for_government 7.5
ibm maximo_for_life_sciences 7.5
ibm maximo_for_life_sciences 7.6
ibm maximo_for_nuclear_power 7.5
ibm maximo_for_oil_and_gas 7.5
ibm maximo_for_transportation 7.5
ibm maximo_for_utilities 7.5
ibm smartcloud_control_desk 7.5
ibm smartcloud_control_desk 7.6


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.9 IF2 y 7.6 en versiones anteriores a 7.6.0.3 FP3 y Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.9 IF2, 7.5.1 y 7.6 en versiones anteriores a 7.6.0.3 FP3 para SmartCloud Control Desk permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
    }
  ],
  "id": "CVE-2015-7451",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-02T05:59:08.797",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
psirt@us.ibm.comhttp://secunia.com/advisories/50551Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV15530
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21610081
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/77787
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50551Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV15530
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21610081
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/77787
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 6.0
ibm change_and_configuration_management_database 7.0
ibm maximo_asset_management 6.2.0.0
ibm maximo_asset_management 7.1.0.0
ibm maximo_asset_management 7.5.0.0
ibm maximo_service_desk 6.2
ibm smartcloud_control_desk 7.0
ibm tivoli_asset_management_for_it 6.0
ibm tivoli_asset_management_for_it 6.2
ibm tivoli_asset_management_for_it 7.0
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "789E00F7-D6CD-4F8C-B785-CB17DB11AEDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0265899D-68B5-4C15-997E-28F485D8B9D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management 6.2 a 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Tivoli Asset Management for IT, Tivoli Service Request, Informaci\u00f3n Maximo Service, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2012-3313",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-09-10T17:55:01.507",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50551"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV15530"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77787"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV15530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77787"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-05-26 16:55
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and read communication logs associated with unrelated records, via unspecified vectors.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV46745
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21670870
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/88308
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV46745
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21670870
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/88308
Impacted products
Vendor Product Version
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12
ibm maximo_asset_management 7.1.2
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5
ibm smartcloud_control_desk 7.0
ibm smartcloud_control_desk 7.5
ibm smartcloud_control_desk 7.5.0.0
ibm smartcloud_control_desk 7.5.0.1
ibm smartcloud_control_desk 7.5.0.2
ibm smartcloud_control_desk 7.5.1.0
ibm smartcloud_control_desk 7.5.1.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and read communication logs associated with unrelated records, via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.x anterior a 7.5.0.6 y SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 permiten a usuarios remotos autenticados evadir restricciones de acceso y leer registros de comunicaci\u00f3n asociados con registros no relacionados a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2013-5460",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-26T16:55:02.800",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46745"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46745"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88308"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-10-04 02:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21964855Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21964855Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 7.1
ibm change_and_configuration_management_database 7.2
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12
ibm maximo_asset_management 7.1.1.13
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5
ibm maximo_asset_management 7.5.0.6
ibm maximo_asset_management 7.5.0.7
ibm maximo_asset_management 7.5.0.8
ibm maximo_asset_management 7.6.0.0
ibm maximo_asset_management_essentials 7.1
ibm maximo_asset_management_essentials 7.5
ibm maximo_for_energy_optimization 7.1
ibm maximo_for_government 7.1
ibm maximo_for_government 7.5.0.0
ibm maximo_for_government 7.5.0.1
ibm maximo_for_government 7.5.0.2
ibm maximo_for_government 7.5.0.3
ibm maximo_for_government 7.5.0.4
ibm maximo_for_government 7.5.0.5
ibm maximo_for_government 7.5.0.6
ibm maximo_for_life_sciences 7.1
ibm maximo_for_life_sciences 7.5.0.0
ibm maximo_for_life_sciences 7.5.0.1
ibm maximo_for_life_sciences 7.5.0.2
ibm maximo_for_life_sciences 7.5.0.3
ibm maximo_for_life_sciences 7.5.0.4
ibm maximo_for_life_sciences 7.5.0.5
ibm maximo_for_life_sciences 7.5.0.6
ibm maximo_for_nuclear_power 7.1
ibm maximo_for_nuclear_power 7.5.0.0
ibm maximo_for_nuclear_power 7.5.0.1
ibm maximo_for_nuclear_power 7.5.0.2
ibm maximo_for_nuclear_power 7.5.0.3
ibm maximo_for_nuclear_power 7.5.0.4
ibm maximo_for_nuclear_power 7.5.0.5
ibm maximo_for_nuclear_power 7.5.0.6
ibm maximo_for_oil_and_gas 7.1
ibm maximo_for_oil_and_gas 7.5.0.0
ibm maximo_for_oil_and_gas 7.5.0.1
ibm maximo_for_oil_and_gas 7.5.0.2
ibm maximo_for_oil_and_gas 7.5.0.3
ibm maximo_for_oil_and_gas 7.5.0.4
ibm maximo_for_oil_and_gas 7.5.0.5
ibm maximo_for_oil_and_gas 7.5.0.6
ibm maximo_for_transportation 7.1
ibm maximo_for_transportation 7.5.0.0
ibm maximo_for_transportation 7.5.0.1
ibm maximo_for_transportation 7.5.0.2
ibm maximo_for_transportation 7.5.0.3
ibm maximo_for_transportation 7.5.0.4
ibm maximo_for_transportation 7.5.0.5
ibm maximo_for_transportation 7.5.0.6
ibm maximo_for_utilities 7.1
ibm maximo_for_utilities 7.5.0.0
ibm maximo_for_utilities 7.5.0.1
ibm maximo_for_utilities 7.5.0.2
ibm maximo_for_utilities 7.5.0.3
ibm maximo_for_utilities 7.5.0.4
ibm maximo_for_utilities 7.5.0.5
ibm maximo_for_utilities 7.5.0.6
ibm smartcloud_control_desk 7.5
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.1.0
ibm tivoli_service_request_manager 7.2.0.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX002 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x en versiones anteriores a 7.5.0.8 IFIX002 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros ciertos productos no cifran adecuadamente las contrase\u00f1as, lo que facilita a atacantes dependientes del contexto determinar contrase\u00f1as en texto plano aprovechando el acceso a un archivo de contrase\u00f1a."
    }
  ],
  "id": "CVE-2015-1934",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-10-04T02:59:01.660",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-02-20 12:09
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV23838
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21625624Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/77918
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21625624Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/77918
Impacted products
Vendor Product Version
ibm maximo_asset_management 6.2
ibm maximo_asset_management 6.2.1
ibm maximo_asset_management 6.2.2
ibm maximo_asset_management 6.2.3
ibm maximo_asset_management 6.2.4
ibm maximo_asset_management 6.2.5
ibm maximo_asset_management 6.2.6
ibm maximo_asset_management 6.2.6.1
ibm maximo_asset_management 6.2.7
ibm maximo_asset_management 6.2.8
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management_essentials 6.2.0.0
ibm maximo_asset_management_essentials 7.5.0.0
ibm tivoli_asset_management_for_it 6.0
ibm tivoli_asset_management_for_it 6.2
ibm tivoli_asset_management_for_it 7.0
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.1.0
ibm tivoli_service_request_manager 7.1.0.0
ibm tivoli_service_request_manager 7.2.0.0
ibm maximo_service_desk 6.2
ibm change_and_configuration_management_database 7.1.
ibm change_and_configuration_management_database 7.2.0
ibm smartcloud_control_desk 7.5.0.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.:*:*:*:*:*:*:*",
              "matchCriteriaId": "13CD271A-72E0-4730-A936-87B5122D9E3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2446CA6E-D316-4239-8FDC-436643EB35EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad XSS en IBM Maximo Asset Management v6.2 a la v7.5, Maximo Asset Management Essentials v6.2 a la v7.5, Tivoli Asset Management para IT v6.2 a la v7.2, Tivoli Service Request Manager v7.1 y v7.2, Maximo Service Desk v6.2, Change y Configuration Management Database (CCMDB) v7.1 y v7.2, y SmartCloud Control Desk v7.5, permite a usuarios autenticados remotamente, inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores relacionados con el \"display name\"."
    }
  ],
  "id": "CVE-2012-3322",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-02-20T12:09:21.943",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77918"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77918"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-11-08 03:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21969072Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21969072Vendor Advisory
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 7.1
ibm change_and_configuration_management_database 7.2
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12
ibm maximo_asset_management 7.1.1.13
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5
ibm maximo_asset_management 7.5.0.6
ibm maximo_asset_management 7.5.0.7
ibm maximo_asset_management 7.5.0.8
ibm maximo_asset_management 7.5.0.9
ibm maximo_asset_management 7.6.0.0
ibm maximo_asset_management 7.6.0.1
ibm maximo_asset_management 7.6.0.2
ibm maximo_for_government 7.1
ibm maximo_for_government 7.5.0.0
ibm maximo_for_government 7.5.0.1
ibm maximo_for_government 7.5.0.2
ibm maximo_for_government 7.5.0.3
ibm maximo_for_government 7.5.0.4
ibm maximo_for_government 7.5.0.5
ibm maximo_for_government 7.5.0.6
ibm maximo_for_life_sciences 7.1
ibm maximo_for_life_sciences 7.5.0.0
ibm maximo_for_life_sciences 7.5.0.1
ibm maximo_for_life_sciences 7.5.0.2
ibm maximo_for_life_sciences 7.5.0.3
ibm maximo_for_life_sciences 7.5.0.4
ibm maximo_for_life_sciences 7.5.0.5
ibm maximo_for_life_sciences 7.5.0.6
ibm maximo_for_nuclear_power 7.1
ibm maximo_for_nuclear_power 7.5.0.0
ibm maximo_for_nuclear_power 7.5.0.1
ibm maximo_for_nuclear_power 7.5.0.2
ibm maximo_for_nuclear_power 7.5.0.3
ibm maximo_for_nuclear_power 7.5.0.4
ibm maximo_for_nuclear_power 7.5.0.5
ibm maximo_for_nuclear_power 7.5.0.6
ibm maximo_for_oil_and_gas 7.1
ibm maximo_for_oil_and_gas 7.5.0.0
ibm maximo_for_oil_and_gas 7.5.0.1
ibm maximo_for_oil_and_gas 7.5.0.2
ibm maximo_for_oil_and_gas 7.5.0.3
ibm maximo_for_oil_and_gas 7.5.0.4
ibm maximo_for_oil_and_gas 7.5.0.5
ibm maximo_for_oil_and_gas 7.5.0.6
ibm maximo_for_transportation 7.1
ibm maximo_for_transportation 7.5.0.0
ibm maximo_for_transportation 7.5.0.1
ibm maximo_for_transportation 7.5.0.2
ibm maximo_for_transportation 7.5.0.3
ibm maximo_for_transportation 7.5.0.4
ibm maximo_for_transportation 7.5.0.5
ibm maximo_for_transportation 7.5.0.6
ibm maximo_for_utilities 7.1
ibm maximo_for_utilities 7.5.0.0
ibm maximo_for_utilities 7.5.0.1
ibm maximo_for_utilities 7.5.0.2
ibm maximo_for_utilities 7.5.0.3
ibm maximo_for_utilities 7.5.0.4
ibm maximo_for_utilities 7.5.0.5
ibm maximo_for_utilities 7.5.0.6
ibm smartcloud_control_desk 7.5
ibm smartcloud_control_desk 7.6
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.1.0
ibm tivoli_service_request_manager 7.2.0.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C47DB9B3-C8CD-45E9-9F53-617354F3A339",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX005 y 7.6.0 en versiones anteriores a 7.6.0.2 FP002; Maximo Asset Management 7.5.0 en versiones anteriores a 7.5.0.8 IFIX005, 7.5.1 y 7.6.0 en versiones anteriores a 7.6.0.2 FP002 para SmartCloud Control Desk y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros productos permite a usuarios remotos autenticados eludir las restricciones destinadas al cambio de orden de trabajo a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-7395",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-11-08T03:59:00.117",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969072"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-10-06 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21966194Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21966194Vendor Advisory
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 7.1
ibm change_and_configuration_management_database 7.2
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12
ibm maximo_asset_management 7.1.1.13
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5
ibm maximo_asset_management 7.5.0.6
ibm maximo_asset_management 7.5.0.7
ibm maximo_asset_management 7.5.0.8
ibm maximo_asset_management 7.6.0.0
ibm maximo_asset_management_essentials 7.1
ibm maximo_asset_management_essentials 7.5
ibm maximo_for_energy_optimization 7.1
ibm maximo_for_government 7.1
ibm maximo_for_government 7.5.0.0
ibm maximo_for_government 7.5.0.1
ibm maximo_for_government 7.5.0.2
ibm maximo_for_government 7.5.0.3
ibm maximo_for_government 7.5.0.4
ibm maximo_for_government 7.5.0.5
ibm maximo_for_government 7.5.0.6
ibm maximo_for_life_sciences 7.1
ibm maximo_for_life_sciences 7.5.0.0
ibm maximo_for_life_sciences 7.5.0.1
ibm maximo_for_life_sciences 7.5.0.2
ibm maximo_for_life_sciences 7.5.0.3
ibm maximo_for_life_sciences 7.5.0.4
ibm maximo_for_life_sciences 7.5.0.5
ibm maximo_for_life_sciences 7.5.0.6
ibm maximo_for_nuclear_power 7.1
ibm maximo_for_nuclear_power 7.5.0.0
ibm maximo_for_nuclear_power 7.5.0.1
ibm maximo_for_nuclear_power 7.5.0.2
ibm maximo_for_nuclear_power 7.5.0.3
ibm maximo_for_nuclear_power 7.5.0.4
ibm maximo_for_nuclear_power 7.5.0.5
ibm maximo_for_nuclear_power 7.5.0.6
ibm maximo_for_oil_and_gas 7.1
ibm maximo_for_oil_and_gas 7.5.0.0
ibm maximo_for_oil_and_gas 7.5.0.1
ibm maximo_for_oil_and_gas 7.5.0.2
ibm maximo_for_oil_and_gas 7.5.0.3
ibm maximo_for_oil_and_gas 7.5.0.4
ibm maximo_for_oil_and_gas 7.5.0.5
ibm maximo_for_oil_and_gas 7.5.0.6
ibm maximo_for_transportation 7.1
ibm maximo_for_transportation 7.5.0.0
ibm maximo_for_transportation 7.5.0.1
ibm maximo_for_transportation 7.5.0.2
ibm maximo_for_transportation 7.5.0.3
ibm maximo_for_transportation 7.5.0.4
ibm maximo_for_transportation 7.5.0.5
ibm maximo_for_transportation 7.5.0.6
ibm maximo_for_utilities 7.1
ibm maximo_for_utilities 7.5.0.0
ibm maximo_for_utilities 7.5.0.1
ibm maximo_for_utilities 7.5.0.2
ibm maximo_for_utilities 7.5.0.3
ibm maximo_for_utilities 7.5.0.4
ibm maximo_for_utilities 7.5.0.5
ibm maximo_for_utilities 7.5.0.6
ibm smartcloud_control_desk 7.5
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.1.0
ibm tivoli_service_request_manager 7.2.0.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file."
    },
    {
      "lang": "es",
      "value": "maximouiweb/webmodule/webclient/utility/merlin.jsp en IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX004 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x en versiones anteriores a 7.5.0.8 IFIX004 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX002 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management para IT y otros ciertos productos permite a usuarios remotos autenticados obtener informaci\u00f3n sensible mediante la lectura de un archivo de (1) respaldo o (2) aplicaci\u00f3n de depuraci\u00f3n."
    }
  ],
  "id": "CVE-2015-4965",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-10-06T01:59:11.360",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966194"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966194"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-03-12 15:59
Modified
2025-04-12 10:46
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21974938Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21974938Vendor Advisory
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 7.1
ibm change_and_configuration_management_database 7.1.1
ibm change_and_configuration_management_database 7.1.1.2
ibm change_and_configuration_management_database 7.1.1.3
ibm change_and_configuration_management_database 7.1.1.4
ibm change_and_configuration_management_database 7.1.1.5
ibm change_and_configuration_management_database 7.1.1.6
ibm change_and_configuration_management_database 7.2
ibm change_and_configuration_management_database 7.2.0.1
ibm change_and_configuration_management_database 7.2.0.2
ibm change_and_configuration_management_database 7.2.1
ibm change_and_configuration_management_database 7.2.1.1
ibm change_and_configuration_management_database 7.2.1.2
ibm change_and_configuration_management_database 7.2.1.3
ibm change_and_configuration_management_database 7.2.1.4
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12
ibm maximo_asset_management 7.1.1.13
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5
ibm maximo_asset_management 7.5.0.6
ibm maximo_asset_management 7.5.0.7
ibm maximo_asset_management 7.5.0.8
ibm maximo_asset_management 7.5.0.9
ibm maximo_asset_management 7.6.0.0
ibm maximo_asset_management 7.6.0.1
ibm maximo_asset_management 7.6.0.2
ibm maximo_asset_management 7.6.0.3
ibm maximo_asset_management_essentials 7.1
ibm maximo_asset_management_essentials 7.5
ibm maximo_asset_management_essentials 7.5.0.0
ibm maximo_asset_management_essentials 7.5.0.1
ibm maximo_asset_management_essentials 7.5.0.2
ibm maximo_asset_management_essentials 7.5.0.3
ibm maximo_asset_management_essentials 7.5.0.4
ibm maximo_asset_management_essentials 7.5.0.5
ibm maximo_asset_management_essentials 7.5.0.6
ibm maximo_asset_management_essentials 7.5.0.7
ibm maximo_asset_management_essentials 7.5.0.8
ibm maximo_asset_management_essentials 7.5.0.9
ibm maximo_for_energy_optimization 7.1
ibm maximo_for_government 7.1
ibm maximo_for_government 7.1.1
ibm maximo_for_government 7.5
ibm maximo_for_life_sciences 7.1
ibm maximo_for_life_sciences 7.5
ibm maximo_for_life_sciences 7.6
ibm maximo_for_nuclear_power 7.1
ibm maximo_for_nuclear_power 7.1.1
ibm maximo_for_nuclear_power 7.5
ibm maximo_for_nuclear_power 7.5.0.1
ibm maximo_for_nuclear_power 7.5.1
ibm maximo_for_oil_and_gas 7.1
ibm maximo_for_oil_and_gas 7.1.0.1
ibm maximo_for_oil_and_gas 7.1.1.0
ibm maximo_for_oil_and_gas 7.1.2
ibm maximo_for_oil_and_gas 7.5
ibm maximo_for_oil_and_gas 7.5.1
ibm maximo_for_transportation 7.1
ibm maximo_for_transportation 7.1.0.1
ibm maximo_for_transportation 7.1.1
ibm maximo_for_transportation 7.1.1.1
ibm maximo_for_transportation 7.5.0.0
ibm maximo_for_transportation 7.5.1.0
ibm maximo_for_transportation 7.6.0.0
ibm maximo_for_utilities 7.1
ibm maximo_for_utilities 7.1.1
ibm maximo_for_utilities 7.1.2
ibm maximo_for_utilities 7.5
ibm maximo_for_utilities 7.5.0.1
ibm smartcloud_control_desk 7.5
ibm smartcloud_control_desk 7.5.0.1
ibm smartcloud_control_desk 7.5.0.2
ibm smartcloud_control_desk 7.5.0.3
ibm smartcloud_control_desk 7.5.1.0
ibm smartcloud_control_desk 7.5.1.1
ibm smartcloud_control_desk 7.5.1.2
ibm smartcloud_control_desk 7.5.1.3
ibm smartcloud_control_desk 7.5.3
ibm smartcloud_control_desk 7.5.3.1
ibm smartcloud_control_desk 7.6
ibm smartcloud_control_desk 7.6.0.1
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_asset_management_for_it 7.2.0.1
ibm tivoli_asset_management_for_it 7.2.1.0
ibm tivoli_asset_management_for_it 7.2.1.2
ibm tivoli_asset_management_for_it 7.2.2
ibm tivoli_asset_management_for_it 7.2.2.1
ibm tivoli_asset_management_for_it 7.2.2.2
ibm tivoli_service_request_manager 7.1.0
ibm tivoli_service_request_manager 7.1.0.1
ibm tivoli_service_request_manager 7.1.0.2
ibm tivoli_service_request_manager 7.1.0.3
ibm tivoli_service_request_manager 7.1.0.4
ibm tivoli_service_request_manager 7.1.0.5
ibm tivoli_service_request_manager 7.2
ibm tivoli_service_request_manager 7.2.0.1
ibm tivoli_service_request_manager 7.2.1.0
ibm tivoli_service_request_manager 7.2.1.1
ibm tivoli_service_request_manager 7.2.1.2
ibm tivoli_service_request_manager 7.2.1.3
ibm tivoli_service_request_manager 7.2.1.4
ibm tivoli_service_request_manager 7.2.1.5
ibm tivoli_service_request_manager 7.2.1.6


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CC8BE0-5DFD-4D51-8C14-333596151E54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "59D13A5E-AC99-4632-8987-2C1CC3AC9376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0C5995-8850-4AFE-9008-8ED3DE17E2F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "92B6F032-D50D-43C3-ADF2-C67FAD74A58D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3C5BFF2-8361-485D-9DE5-80323EFAFFB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E8194D6-55CE-4760-8F27-4990FFA32F54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "29A7E369-EBBD-4456-AE47-712CB273F40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4B91AA-C45B-42F8-A7AC-D64DE66B5AA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "69D30DA9-2096-421C-AEE3-EA83D2AA5996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F13CF56-5007-413D-A936-B3667E0051D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "019C8B6D-0669-447E-9EB3-F6A9B42797FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9956DF3-70A3-49CD-9145-B0C880D3DACD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC336DAB-A3DE-48B7-AC32-89F46F21887B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C47DB9B3-C8CD-45E9-9F53-617354F3A339",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7038EBF6-E527-492B-A6A5-14F9A2F79BDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7197C12C-5CD7-4F7D-8B38-F792FAABC1FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EE096D4-40A8-4FD8-905C-3B13476BF748",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E369397-1BC9-42E3-94AB-1CDB01D4838C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "56F90E1F-C0A0-4D6C-A497-9CC3AAF9ECB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DE37A22-D39D-4B80-BD3B-31009824126B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1ECDC62-A636-4DB4-9C1B-B52722631DE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FBE3268-230C-4B1A-B0D9-21B0158EE10F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1297463-A52F-4657-A8D0-366B34C6534E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "926B2AE3-B65D-4A36-8B0D-4B0EB42D99A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "26E20654-F96C-4753-85F3-5D956F433D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3795A39-8488-4F09-A7B5-600D4F8E7FD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0773CDA-CE18-4717-9C12-8CFD8848EEBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D874CE6A-1885-4EB7-B77E-3D22C208E55B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A2CEE0F-EF29-4D41-8E74-0538CAF9D612",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BA87EC4-0CBB-4173-BA0B-DD633D271442",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6442C6D-E74B-47A0-9701-5461F651976F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F82E2804-9085-45AA-A97E-974CE652DF1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5543E50-0B54-405B-A10A-06A08FF9E0C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBD13DA8-00F5-43CE-BBAE-EB7DE0E46F8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E3DB206-074F-4533-B466-CB73883FA8AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F976949C-D8C6-4567-ADC4-E5C14D0D7C31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54B1037D-F4D1-4CD6-BBD7-6E72EB4A1620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF1F14EE-6B26-427D-8FFB-94EC042C0FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC2697AF-D5A6-470D-9031-8677BBB20EAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5680D2FE-5D9F-4DB6-9D5B-48A425CD7014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "89B0CE60-ABE6-44BA-95BA-13977D244963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "085C1DEF-0B4B-4070-A665-1382AAD04BBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46F0397C-8B0C-49CD-BBB7-F9286EAFD8C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCDD59E9-2CC7-459B-B6C9-9EEFB92FCBAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6FDA27E-6933-4346-9DF3-BD0387192FD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EDBC180-B618-49A3-824F-B4DDF119FD69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "25D37ADF-49A6-4EF6-9B69-5EC83DB54CB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E81B34B0-D451-4B33-8F81-36718998C857",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1F47F9-4D3D-439A-BEE8-F270C9BA7B71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "87F7EA33-B49A-4283-8A00-9B629508143E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2633424C-ACB6-4AE0-AA25-CAE343C88359",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE4D7F1-66CF-466E-8747-68AA3D23E03A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5683C1E-AEF4-40FF-9069-7391C0BEA343",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0EDB633-C4B8-4770-9B16-94F106C639A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2396D4-D367-4811-AD7C-8B8FEE42B008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "92A3FD84-9497-47B7-8B9C-15DEEF5267F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.9 IFIX003 y 7.6.0 en versiones anteriores a 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 en versiones anteriores a 7.5.0.9 IFIX003, 7.5.1 y 7.6.0 en versiones anteriores a 7.6.0.3 IFIX001 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros determinados productos permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-7448",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-03-12T15:59:01.430",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974938"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-01-27 05:59
Modified
2025-04-12 10:46
Severity ?
4.1 (Medium) - CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21974537Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21974537Vendor Advisory
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 7.1
ibm change_and_configuration_management_database 7.2
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12
ibm maximo_asset_management 7.1.1.13
ibm maximo_asset_management 7.5
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5
ibm maximo_asset_management 7.5.0.6
ibm maximo_asset_management 7.5.0.7
ibm maximo_asset_management 7.5.0.8
ibm maximo_asset_management 7.5.0.9
ibm maximo_asset_management 7.6
ibm maximo_asset_management 7.6.0.0
ibm maximo_asset_management 7.6.0.1
ibm maximo_asset_management 7.6.0.2
ibm maximo_asset_management 7.6.0.3
ibm maximo_asset_management_essentials 7.5.0.0
ibm maximo_asset_management_essentials 7.5.0.1
ibm maximo_asset_management_essentials 7.5.0.2
ibm maximo_asset_management_essentials 7.5.0.3
ibm maximo_asset_management_essentials 7.5.0.4
ibm maximo_asset_management_essentials 7.5.0.5
ibm maximo_asset_management_essentials 7.5.0.6
ibm maximo_asset_management_essentials 7.5.0.7
ibm maximo_asset_management_essentials 7.5.0.8
ibm maximo_for_energy_optimization 7.1
ibm maximo_for_government 7.1
ibm maximo_for_government 7.5
ibm maximo_for_life_sciences 7.1
ibm maximo_for_life_sciences 7.5
ibm maximo_for_nuclear_power 7.1
ibm maximo_for_nuclear_power 7.5
ibm maximo_for_oil_and_gas 7.1
ibm maximo_for_oil_and_gas 7.5
ibm maximo_for_transportation 7.1
ibm maximo_for_transportation 7.5
ibm maximo_for_utilities 7.1
ibm maximo_for_utilities 7.5
ibm smartcloud_control_desk 7.5.1.0
ibm smartcloud_control_desk 7.6
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.1.0
ibm tivoli_service_request_manager 7.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C47DB9B3-C8CD-45E9-9F53-617354F3A339",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7038EBF6-E527-492B-A6A5-14F9A2F79BDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7197C12C-5CD7-4F7D-8B38-F792FAABC1FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EE096D4-40A8-4FD8-905C-3B13476BF748",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E369397-1BC9-42E3-94AB-1CDB01D4838C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.9 IFIX002 y 7.6.0 en versiones anteriores a 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 en versiones anteriores a 7.5.0.9 IFIX002, 7.5.1 y 7.6.0 en versiones anteriores a 7.6.0.3 IFIX001 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros ciertos productos permiten a usuarios locales obtener informaci\u00f3n sensible aprovechando privilegios administrativos y leyendo archivos de registro."
    }
  ],
  "id": "CVE-2015-7487",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-27T05:59:01.260",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974537"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974537"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-01-02 21:59
Modified
2025-04-12 10:46
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21972463Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21972463Vendor Advisory
Impacted products
Vendor Product Version
ibm maximo_asset_management 7.5
ibm maximo_asset_management 7.6
ibm maximo_asset_management_essentials 7.5
ibm maximo_for_government 7.5
ibm maximo_for_life_sciences 7.5
ibm maximo_for_life_sciences 7.6
ibm maximo_for_nuclear_power 7.5
ibm maximo_for_oil_and_gas 7.5
ibm maximo_for_transportation 7.5
ibm maximo_for_utilities 7.5
ibm smartcloud_control_desk 7.5
ibm smartcloud_control_desk 7.6


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.9 FP9 y 7.6 en versiones anteriores a 7.6.0.3 FP3 y Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.9 FP9, 7.5.1 y 7.6 en versiones anteriores a 7.6.0.3 FP3 para SmartCloud Control Desk permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de la API REST."
    }
  ],
  "id": "CVE-2015-7452",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-02T21:59:16.927",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972463"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-10-06 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21963973Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21963973Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 7.1
ibm change_and_configuration_management_database 7.2
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12
ibm maximo_asset_management 7.1.1.13
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5
ibm maximo_asset_management 7.5.0.6
ibm maximo_asset_management 7.5.0.7
ibm maximo_asset_management 7.5.0.8
ibm maximo_asset_management 7.6.0.0
ibm maximo_asset_management_essentials 7.1
ibm maximo_asset_management_essentials 7.5
ibm maximo_for_energy_optimization 7.1
ibm maximo_for_government 7.1
ibm maximo_for_government 7.5.0.0
ibm maximo_for_government 7.5.0.1
ibm maximo_for_government 7.5.0.2
ibm maximo_for_government 7.5.0.3
ibm maximo_for_government 7.5.0.4
ibm maximo_for_government 7.5.0.5
ibm maximo_for_government 7.5.0.6
ibm maximo_for_life_sciences 7.1
ibm maximo_for_life_sciences 7.5.0.0
ibm maximo_for_life_sciences 7.5.0.1
ibm maximo_for_life_sciences 7.5.0.2
ibm maximo_for_life_sciences 7.5.0.3
ibm maximo_for_life_sciences 7.5.0.4
ibm maximo_for_life_sciences 7.5.0.5
ibm maximo_for_life_sciences 7.5.0.6
ibm maximo_for_nuclear_power 7.1
ibm maximo_for_nuclear_power 7.5.0.0
ibm maximo_for_nuclear_power 7.5.0.1
ibm maximo_for_nuclear_power 7.5.0.2
ibm maximo_for_nuclear_power 7.5.0.3
ibm maximo_for_nuclear_power 7.5.0.4
ibm maximo_for_nuclear_power 7.5.0.5
ibm maximo_for_nuclear_power 7.5.0.6
ibm maximo_for_oil_and_gas 7.1
ibm maximo_for_oil_and_gas 7.5.0.0
ibm maximo_for_oil_and_gas 7.5.0.1
ibm maximo_for_oil_and_gas 7.5.0.2
ibm maximo_for_oil_and_gas 7.5.0.3
ibm maximo_for_oil_and_gas 7.5.0.4
ibm maximo_for_oil_and_gas 7.5.0.5
ibm maximo_for_oil_and_gas 7.5.0.6
ibm maximo_for_transportation 7.1
ibm maximo_for_transportation 7.5.0.0
ibm maximo_for_transportation 7.5.0.1
ibm maximo_for_transportation 7.5.0.2
ibm maximo_for_transportation 7.5.0.3
ibm maximo_for_transportation 7.5.0.4
ibm maximo_for_transportation 7.5.0.5
ibm maximo_for_transportation 7.5.0.6
ibm maximo_for_utilities 7.1
ibm maximo_for_utilities 7.5.0.0
ibm maximo_for_utilities 7.5.0.1
ibm maximo_for_utilities 7.5.0.2
ibm maximo_for_utilities 7.5.0.3
ibm maximo_for_utilities 7.5.0.4
ibm maximo_for_utilities 7.5.0.5
ibm maximo_for_utilities 7.5.0.6
ibm smartcloud_control_desk 7.5
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.1.0
ibm tivoli_service_request_manager 7.2.0.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX003 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x en versiones anteriores a 7.5.0.8 IFIX003 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros ciertos productos permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
    }
  ],
  "id": "CVE-2015-4944",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-10-06T01:59:09.313",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963973"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963973"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
psirt@us.ibm.comhttp://secunia.com/advisories/50551Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV17964
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21610081
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/74307
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50551Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV17964
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21610081
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/74307
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 6.0
ibm change_and_configuration_management_database 7.0
ibm maximo_asset_management 7.1.0.0
ibm maximo_asset_management 7.5.0.0
ibm maximo_service_desk 6.2
ibm smartcloud_control_desk 7.0
ibm tivoli_asset_management_for_it 6.0
ibm tivoli_asset_management_for_it 6.2
ibm tivoli_asset_management_for_it 7.0
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0265899D-68B5-4C15-997E-28F485D8B9D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Maximo Asset Management 7.1 a 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Gesti\u00f3n de Activos de TI de Tivoli, Tivoli Service Request, M\u00e1ximo Service Desk, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2012-0728",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-09-10T17:55:01.147",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50551"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17964"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17964"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74307"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-08-29 09:55
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbitrary users.
References
psirt@us.ibm.comhttp://secunia.com/advisories/60408
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV56643
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21679918Vendor Advisory
psirt@us.ibm.comhttp://www.securitytracker.com/id/1030781
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/93063
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/60408
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV56643
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21679918Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1030781
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/93063
Impacted products
Vendor Product Version
ibm smartcloud_control_desk 7.5.0.0
ibm smartcloud_control_desk 7.5.0.1
ibm smartcloud_control_desk 7.5.0.2
ibm smartcloud_control_desk 7.5.0.3
ibm smartcloud_control_desk 7.5.1.0
ibm smartcloud_control_desk 7.5.1.1
ibm smartcloud_control_desk 7.5.1.2
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12
ibm maximo_asset_management 7.1.2
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5
ibm maximo_asset_management 7.5.0.6


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbitrary users."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de CSRF en IBM Maximo Asset Management 7.1 hasta 7.1.1.12 y 7.5 hasta 7.5.0.6 y Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk permite a usuarios remotos autenticados secuestrar la autenticaci\u00f3n de usuarios arbitrarios."
    }
  ],
  "id": "CVE-2014-3024",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-08-29T09:55:07.713",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/60408"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56643"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679918"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1030781"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93063"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60408"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679918"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030781"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93063"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-01-02 21:59
Modified
2025-04-12 10:46
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21970799Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21970799Vendor Advisory
Impacted products
Vendor Product Version
ibm maximo_asset_management 7.5
ibm maximo_asset_management 7.6
ibm maximo_asset_management_essentials 7.5
ibm maximo_for_government 7.5
ibm maximo_for_life_sciences 7.5
ibm maximo_for_life_sciences 7.6
ibm maximo_for_nuclear_power 7.5
ibm maximo_for_oil_and_gas 7.5
ibm maximo_for_transportation 7.5
ibm maximo_for_utilities 7.5
ibm smartcloud_control_desk 7.5
ibm smartcloud_control_desk 7.6


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "El Scheduler en IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.8 IF6 y 7.6 en versiones anteriores a 7.6.0.1 FP1 y Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.8 IF6, 7.5.1 y 7.6 en versiones anteriores a 7.6.0.1 FP1 para SmartCloud Control Desk permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso, y obtener informaci\u00f3n sensible o datos modificados, a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-7396",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-02T21:59:02.343",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970799"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970799"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
psirt@us.ibm.comhttp://osvdb.org/85179
psirt@us.ibm.comhttp://secunia.com/advisories/50551Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV16085
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV16497
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21610081
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/73534
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/85179
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50551Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV16085
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV16497
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21610081
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/73534
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 6.0
ibm change_and_configuration_management_database 7.0
ibm maximo_asset_management 6.2.0.0
ibm maximo_asset_management 7.1.0.0
ibm maximo_asset_management 7.5.0.0
ibm maximo_service_desk 6.2
ibm smartcloud_control_desk 7.0
ibm tivoli_asset_management_for_it 6.0
ibm tivoli_asset_management_for_it 6.2
ibm tivoli_asset_management_for_it 7.0
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "789E00F7-D6CD-4F8C-B785-CB17DB11AEDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0265899D-68B5-4C15-997E-28F485D8B9D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de falsificaci\u00f3n de peticiones en sitios cruzados (CSRF) en IBM Maximo Asset Management 6.2 a 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Gesti\u00f3n de Activos de TI de Tivoli, Tivoli Service Request, Informaci\u00f3n Maximo Service, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a atacantes remotos secuestrar la autenticaci\u00f3n de las v\u00edctimas a trav\u00e9s de vectores no especificados desconocidos."
    }
  ],
  "id": "CVE-2012-0714",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-09-10T17:55:00.977",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://osvdb.org/85179"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50551"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16085"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16497"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/85179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16085"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16497"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73534"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
psirt@us.ibm.comhttp://secunia.com/advisories/50551Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV17961
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21610081
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/74726
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50551Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV17961
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21610081
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/74726
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 6.0
ibm change_and_configuration_management_database 7.0
ibm maximo_asset_management 7.5.0.0
ibm maximo_service_desk 6.2
ibm smartcloud_control_desk 7.0
ibm tivoli_asset_management_for_it 6.0
ibm tivoli_asset_management_for_it 6.2
ibm tivoli_asset_management_for_it 7.0
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Tivoli Asset Management for IT, Tivoli Service Request, Informaci\u00f3n Maximo Service, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite remoto autenticado usuarios de inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2012-0746",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-09-10T17:55:01.273",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50551"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17961"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17961"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74726"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-07-30 11:15
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/.
References
psirt@us.ibm.comhttp://secunia.com/advisories/59570
psirt@us.ibm.comhttp://secunia.com/advisories/59640
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV57241
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21678754Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/93064
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59570
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59640
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21678754Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/93064
Impacted products
Vendor Product Version
ibm maximo_asset_management 6.2
ibm maximo_asset_management 6.2.1
ibm maximo_asset_management 6.2.2
ibm maximo_asset_management 6.2.3
ibm maximo_asset_management 6.2.4
ibm maximo_asset_management 6.2.5
ibm maximo_asset_management 6.2.6
ibm maximo_asset_management 6.2.6.1
ibm maximo_asset_management 6.2.7
ibm maximo_asset_management 6.2.8
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12
ibm maximo_asset_management 7.1.2
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5
ibm maximo_asset_management 7.5.0.6
ibm maximo_asset_management 7.5.0.10
ibm maximo_asset_management_essentials *
ibm maximo_asset_management_essentials 6.2.0.0
ibm maximo_asset_management_essentials 7.1
ibm maximo_asset_management_essentials 7.5.0.0
ibm maximo_asset_management_essentials 7.5.0.1
ibm maximo_asset_management_essentials 7.5.0.2
ibm maximo_asset_management_essentials 7.5.0.3
ibm maximo_asset_management_essentials 7.5.0.4
ibm maximo_asset_management_essentials 7.5.0.5
ibm maximo_for_government *
ibm maximo_for_government 7.1
ibm maximo_for_government 7.5.0.0
ibm maximo_for_government 7.5.0.1
ibm maximo_for_government 7.5.0.2
ibm maximo_for_government 7.5.0.3
ibm maximo_for_government 7.5.0.4
ibm maximo_for_government 7.5.0.5
ibm maximo_for_life_sciences *
ibm maximo_for_life_sciences 7.1
ibm maximo_for_life_sciences 7.5.0.0
ibm maximo_for_life_sciences 7.5.0.1
ibm maximo_for_life_sciences 7.5.0.2
ibm maximo_for_life_sciences 7.5.0.3
ibm maximo_for_life_sciences 7.5.0.4
ibm maximo_for_life_sciences 7.5.0.5
ibm maximo_for_nuclear_power *
ibm maximo_for_nuclear_power 7.1
ibm maximo_for_nuclear_power 7.5.0.0
ibm maximo_for_nuclear_power 7.5.0.1
ibm maximo_for_nuclear_power 7.5.0.2
ibm maximo_for_nuclear_power 7.5.0.3
ibm maximo_for_nuclear_power 7.5.0.4
ibm maximo_for_nuclear_power 7.5.0.5
ibm maximo_for_oil_and_gas *
ibm maximo_for_oil_and_gas 7.1
ibm maximo_for_oil_and_gas 7.5.0.0
ibm maximo_for_oil_and_gas 7.5.0.1
ibm maximo_for_oil_and_gas 7.5.0.2
ibm maximo_for_oil_and_gas 7.5.0.3
ibm maximo_for_oil_and_gas 7.5.0.4
ibm maximo_for_oil_and_gas 7.5.0.5
ibm maximo_for_transportation *
ibm maximo_for_transportation 7.1
ibm maximo_for_transportation 7.5.0.0
ibm maximo_for_transportation 7.5.0.1
ibm maximo_for_transportation 7.5.0.2
ibm maximo_for_transportation 7.5.0.3
ibm maximo_for_transportation 7.5.0.4
ibm maximo_for_transportation 7.5.0.5
ibm maximo_for_utilities *
ibm maximo_for_utilities 7.1
ibm maximo_for_utilities 7.5.0.0
ibm maximo_for_utilities 7.5.0.1
ibm maximo_for_utilities 7.5.0.2
ibm maximo_for_utilities 7.5.0.3
ibm maximo_for_utilities 7.5.0.4
ibm maximo_for_utilities 7.5.0.5
ibm maximo_service_desk *
ibm smartcloud_control_desk *
ibm smartcloud_control_desk 7.5
ibm smartcloud_control_desk 7.5.0.0
ibm smartcloud_control_desk 7.5.0.1
ibm smartcloud_control_desk 7.5.0.2
ibm smartcloud_control_desk 7.5.0.3
ibm smartcloud_control_desk 7.5.1.0
ibm smartcloud_control_desk 7.5.1.1
ibm smartcloud_control_desk 7.5.1.2
ibm tivoli_it_asset_management_for_it *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F456DA-8995-43E2-91A0-B20B070F26A0",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "106F6572-D362-4040-A878-67B2ACCEA161",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "084AF336-B44B-4B4C-86AB-82197C9410D1",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF5E8225-885D-4FB8-9706-97D559DDF4CF",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "271DF14A-0466-4ACF-B4CE-A5AAC7E0F9A5",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F350C06-CF48-43FE-BDB3-1F1E31332E25",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A202F4B-6814-4F85-837C-1655D316ADC0",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "882C1071-A3C3-4CD6-905B-9D8E32A37120",
              "versionEndIncluding": "6.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEA6D104-64DA-47CE-A0CB-589C93A0B3DC",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A204032-17C7-4617-AB29-589903A2B9C3",
              "versionEndIncluding": "6.2.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en IBM Maximo Asset Management 6.2 hasta 6.2.8, 6.x y 7.1 hasta 7.1.1.2 y 7.5 hasta 7.5.0.6; Maximo Asset Management 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk; y Maximo Asset Management 6.2 hasta 6.2.8, 7.1 hasta 7.1.1.2 y 7.2 para Tivoli Asset Management for IT y ciertos otros productos permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de entradas no especificadas en un fichero .jsp bajo webclient/utility/."
    }
  ],
  "id": "CVE-2014-3025",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-07-30T11:15:33.380",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/59570"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/59640"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59570"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-06 01:29
Modified
2024-11-21 04:43
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/156565VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/docview.wss?uid=ibm10880149Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/156565VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/docview.wss?uid=ibm10880149Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm control_desk 7.6.0
ibm control_desk 7.6.0.1
ibm maximo_asset_management 7.6
ibm maximo_for_aviation 7.6
ibm maximo_for_aviation 7.6.1
ibm maximo_for_aviation 7.6.2
ibm maximo_for_aviation 7.6.2.1
ibm maximo_for_aviation 7.6.3
ibm maximo_for_life_sciences 7.6
ibm maximo_for_nuclear_power 7.6.0
ibm maximo_for_oil_and_gas 7.6.0
ibm maximo_for_transportation 7.6.1
ibm maximo_for_transportation 7.6.2
ibm maximo_for_transportation 7.6.2.1
ibm maximo_for_transportation 7.6.2.2
ibm maximo_for_transportation 7.6.2.3
ibm maximo_for_transportation 7.6.2.4
ibm maximo_for_utilities 7.6
ibm smartcloud_control_desk -
ibm tivoli_integration_composer -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.6 Work Centers\u0027 application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565."
    },
    {
      "lang": "es",
      "value": "La aplicaci\u00f3n  Work Center de IBM Maximo Asset Management versi\u00f3n 7.6 no comprueba el tipo de archivo en la carga, lo que permite a los atacantes cargar archivos maliciosos. ID de IBM X-Force: 156565."
    }
  ],
  "id": "CVE-2019-4056",
  "lastModified": "2024-11-21T04:43:05.943",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-06T01:29:00.337",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156565"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156565"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-10-09 16:15
Modified
2024-11-21 04:43
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/164554VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/1075413Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/164554VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/1075413Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm maximo_asset_management 7.6.1.1
ibm control_desk 7.6.0
ibm control_desk 7.6.0.1
ibm maximo_for_aviation 7.6
ibm maximo_for_aviation 7.6.1
ibm maximo_for_aviation 7.6.2
ibm maximo_for_aviation 7.6.2.1
ibm maximo_for_aviation 7.6.3
ibm maximo_for_life_sciences 7.6
ibm maximo_for_nuclear_power 7.6.0
ibm maximo_for_oil_and_gas 7.6.0
ibm maximo_for_transportation 7.6.1
ibm maximo_for_transportation 7.6.2
ibm maximo_for_transportation 7.6.2.1
ibm maximo_for_transportation 7.6.2.2
ibm maximo_for_transportation 7.6.2.3
ibm maximo_for_transportation 7.6.2.4
ibm maximo_for_utilities 7.6
ibm smartcloud_control_desk -
ibm tivoli_integration_composer -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management versi\u00f3n 7.6.1.1, genera un mensaje de error que incluye informaci\u00f3n confidencial que podr\u00eda ser usada en futuros ataques contra el sistema. ID de IBM X-Force: 164554."
    }
  ],
  "id": "CVE-2019-4512",
  "lastModified": "2024-11-21T04:43:40.713",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-09T16:15:16.267",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/1075413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/1075413"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-209"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-02-01 20:59
Modified
2025-04-20 01:37
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg21991893Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/94355Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg21991893Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/94355Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
ibm maximo_asset_management 7.6.0.0
ibm maximo_for_aviation -
ibm maximo_for_life_sciences -
ibm maximo_for_nuclear_power -
ibm maximo_for_oil_and_gas -
ibm maximo_for_transportation -
ibm maximo_for_utilities -
ibm smartcloud_control_desk -
ibm tivoli_asset_management_for_it -
ibm tivoli_change_and_configuration_management_database -
ibm tivoli_integration_composer -
ibm tivoli_service_request_manager -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3823051F-FD38-4874-8692-9744B82E65A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0660482-340B-4FDA-8F0A-323BE0167800",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0E7B2B1-2746-40A4-83FC-DCEDE8B607BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "55DB8F6D-F7DB-485B-80D9-368188F2E858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "537D5FEA-7809-4CB6-9D71-FC3C408B2611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE303C7-7873-4754-926D-122FD45337FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "54804AB9-79D4-45F8-98A3-B7D441849321",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "82C3D17D-CAA1-4ACE-9FF1-76FC9735ED67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57A2B9AC-D5F8-4143-B1A5-4E26CCBCB3E2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la IU Web alterando as\u00ed la funcionalidad prevista que potencialmente conduce a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
    }
  ],
  "id": "CVE-2016-6072",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-01T20:59:02.177",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21991893"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21991893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94355"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors.
References
psirt@us.ibm.comhttp://osvdb.org/85183
psirt@us.ibm.comhttp://secunia.com/advisories/50551Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV17942
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21610081
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/75784
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/85183
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50551Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV17942
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21610081
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/75784
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 6.0
ibm change_and_configuration_management_database 7.0
ibm maximo_asset_management 6.2.0.0
ibm maximo_asset_management 7.1.0.0
ibm maximo_asset_management 7.5.0.0
ibm maximo_service_desk 6.2
ibm smartcloud_control_desk 7.0
ibm tivoli_asset_management_for_it 6.0
ibm tivoli_asset_management_for_it 6.2
ibm tivoli_asset_management_for_it 7.0
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "789E00F7-D6CD-4F8C-B785-CB17DB11AEDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0265899D-68B5-4C15-997E-28F485D8B9D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 6.2 a 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Gesti\u00f3n de Activos de TI de Tivoli, Tivoli Service Request, Informaci\u00f3n Maximo Service, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a usuarios remotos autenticados para obtener informaci\u00f3n sensible a trav\u00e9s indeterminado vectores."
    }
  ],
  "id": "CVE-2012-2185",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-09-10T17:55:01.460",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://osvdb.org/85183"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50551"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17942"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75784"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/85183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17942"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75784"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-02-17 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21694035Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/98605
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21694035Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/98605
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 7.1
ibm change_and_configuration_management_database 7.2
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12
ibm maximo_asset_management 7.1.1.13
ibm maximo_asset_management 7.1.2
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5
ibm maximo_asset_management 7.5.0.6
ibm maximo_asset_management 7.5.0.10
ibm maximo_asset_management_essentials 7.1
ibm maximo_asset_management_essentials 7.5.0.0
ibm maximo_for_government 7.1
ibm maximo_for_government 7.5.0.0
ibm maximo_for_life_sciences 7.1
ibm maximo_for_life_sciences 7.5.0.0
ibm maximo_for_nuclear_power 7.1
ibm maximo_for_nuclear_power 7.5.0.0
ibm maximo_for_oil_and_gas 7.1
ibm maximo_for_oil_and_gas 7.5.0.0
ibm maximo_for_transportation 7.1
ibm maximo_for_transportation 7.5.0.0
ibm maximo_for_utilities 7.1
ibm maximo_for_utilities 7.5.0.0
ibm smartcloud_control_desk 7.5.0.1
ibm smartcloud_control_desk 7.5.0.2
ibm smartcloud_control_desk 7.5.0.3
ibm smartcloud_control_desk 7.5.0.5
ibm smartcloud_control_desk 7.5.1.0
ibm smartcloud_control_desk 7.5.1.1
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.1
ibm tivoli_service_request_manager 7.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "397FB717-6568-4037-8D7F-D31CF18E0782",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en un formulario web no especificado en IBM Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.5.0 anterior a 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, y Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos permite a usuarios remotos autenticados leer ficheros arbitrarios a trav\u00e9s de un .. (punto punto) en un nombre de ruta."
    }
  ],
  "id": "CVE-2014-6194",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-02-17T01:59:01.317",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694035"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98605"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-02-18 17:15
Modified
2024-11-21 01:53
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.
References
cve@mitre.orghttp://www.securityfocus.com/bid/62685Third Party Advisory, VDB Entry
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240VDB Entry, Vendor Advisory
cve@mitre.orghttps://www.ibm.com/support/pages/node/235239Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/62685Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/235239Vendor Advisory
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 7.1
ibm change_and_configuration_management_database 7.2
ibm maximo_asset_management 6.2
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.5
ibm maximo_asset_management_essentials 6.2
ibm maximo_asset_management_essentials 7.1
ibm maximo_asset_management_essentials 7.5
ibm maximo_for_government 6.2
ibm maximo_for_government 7.1
ibm maximo_for_government 7.5
ibm maximo_for_life_sciences 6.2
ibm maximo_for_life_sciences 6.4
ibm maximo_for_life_sciences 6.5
ibm maximo_for_life_sciences 7.1
ibm maximo_for_life_sciences 7.5
ibm maximo_for_nuclear_power 6.2
ibm maximo_for_nuclear_power 6.3
ibm maximo_for_nuclear_power 7.1
ibm maximo_for_nuclear_power 7.5
ibm maximo_for_oil_and_gas 6.2
ibm maximo_for_oil_and_gas 6.3
ibm maximo_for_oil_and_gas 6.4
ibm maximo_for_oil_and_gas 7.1
ibm maximo_for_oil_and_gas 7.5
ibm maximo_for_transportation 6.2
ibm maximo_for_transportation 6.3
ibm maximo_for_transportation 7.1
ibm maximo_for_transportation 7.5
ibm maximo_for_utilities 6.2
ibm maximo_for_utilities 6.3
ibm maximo_for_utilities 7.1
ibm maximo_for_utilities 7.5
ibm maximo_service_desk 6.2
ibm smartcloud_control_desk 7.5
ibm tivoli_asset_management_for_it 6.2
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.1
ibm tivoli_service_request_manager 7.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "095A16F3-FA2C-4D0D-BA04-597FB2FF03FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "235F85B1-345A-4CE2-9DBE-A03D49D14583",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "450D430F-6E81-4DD5-9D64-3676B2D3C16C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3749FF3-86DE-40CA-8A04-0987C47EA1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EC5EC94-7A48-487E-BCCC-8B434E8735E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E78E1CA-83D8-4497-AF4E-A017B778107A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2906AF03-C662-4EBF-A3A3-E79DE4831F08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3054179C-29D4-4098-816C-85A2CAE4103F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B97B731D-8002-43D8-BF43-B32B852D0BEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DC611AA-993B-4C91-9EF8-ACA3D3E11F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6476767B-52DD-4A29-A379-96BFE964CA4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDCDD396-CFB4-4AC9-A025-4E132FC333E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01048E18-A71F-4AC7-971E-6CE772ACE81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de escalada de privilegios en IBM Maximo Asset Management versiones 7.5, 7.1 y 6.2, cuando WebSeal con Autenticaci\u00f3n B\u00e1sica es usado, debido a un fallo al invalidar la sesi\u00f3n de autenticaci\u00f3n, lo que podr\u00eda permitir a un usuario malicioso obtener acceso no autorizado."
    }
  ],
  "id": "CVE-2013-3323",
  "lastModified": "2024-11-21T01:53:23.740",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-18T17:15:12.597",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/62685"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/235239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/62685"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/235239"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-11-08 22:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21968191Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21968191Vendor Advisory
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 7.1
ibm change_and_configuration_management_database 7.2
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12
ibm maximo_asset_management 7.1.1.13
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5
ibm maximo_asset_management 7.5.0.6
ibm maximo_asset_management 7.5.0.7
ibm maximo_asset_management 7.5.0.8
ibm maximo_asset_management 7.5.0.9
ibm maximo_asset_management 7.6.0.0
ibm maximo_asset_management 7.6.0.1
ibm maximo_asset_management 7.6.0.2
ibm maximo_for_government 7.1
ibm maximo_for_government 7.5.0.0
ibm maximo_for_government 7.5.0.1
ibm maximo_for_government 7.5.0.2
ibm maximo_for_government 7.5.0.3
ibm maximo_for_government 7.5.0.4
ibm maximo_for_government 7.5.0.5
ibm maximo_for_government 7.5.0.6
ibm maximo_for_life_sciences 7.1
ibm maximo_for_life_sciences 7.5.0.0
ibm maximo_for_life_sciences 7.5.0.1
ibm maximo_for_life_sciences 7.5.0.2
ibm maximo_for_life_sciences 7.5.0.3
ibm maximo_for_life_sciences 7.5.0.4
ibm maximo_for_life_sciences 7.5.0.5
ibm maximo_for_life_sciences 7.5.0.6
ibm maximo_for_nuclear_power 7.1
ibm maximo_for_nuclear_power 7.5.0.0
ibm maximo_for_nuclear_power 7.5.0.1
ibm maximo_for_nuclear_power 7.5.0.2
ibm maximo_for_nuclear_power 7.5.0.3
ibm maximo_for_nuclear_power 7.5.0.4
ibm maximo_for_nuclear_power 7.5.0.5
ibm maximo_for_nuclear_power 7.5.0.6
ibm maximo_for_oil_and_gas 7.1
ibm maximo_for_oil_and_gas 7.5.0.0
ibm maximo_for_oil_and_gas 7.5.0.1
ibm maximo_for_oil_and_gas 7.5.0.2
ibm maximo_for_oil_and_gas 7.5.0.3
ibm maximo_for_oil_and_gas 7.5.0.4
ibm maximo_for_oil_and_gas 7.5.0.5
ibm maximo_for_oil_and_gas 7.5.0.6
ibm maximo_for_transportation 7.1
ibm maximo_for_transportation 7.5.0.0
ibm maximo_for_transportation 7.5.0.1
ibm maximo_for_transportation 7.5.0.2
ibm maximo_for_transportation 7.5.0.3
ibm maximo_for_transportation 7.5.0.4
ibm maximo_for_transportation 7.5.0.5
ibm maximo_for_transportation 7.5.0.6
ibm maximo_for_utilities 7.1
ibm maximo_for_utilities 7.5.0.0
ibm maximo_for_utilities 7.5.0.1
ibm maximo_for_utilities 7.5.0.2
ibm maximo_for_utilities 7.5.0.3
ibm maximo_for_utilities 7.5.0.4
ibm maximo_for_utilities 7.5.0.5
ibm maximo_for_utilities 7.5.0.6
ibm smartcloud_control_desk 7.5
ibm smartcloud_control_desk 7.6
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.1.0
ibm tivoli_service_request_manager 7.2.0.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C47DB9B3-C8CD-45E9-9F53-617354F3A339",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "IBM M\u00e1ximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.9 FP009 y 7.6.0 en versiones anteriores a 7.6.0.2 IFIX001; M\u00e1ximo Asset Management 7.5.0 en versiones anteriores a 7.5.0.9 FP009, 7.5.1 y 7.6.0 en versiones anteriores a 7.6.0.2 IFIX001 para SmartCloud Control Desk; y M\u00e1ximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros ciertos productos tienen una cuenta de administrador por defecto, lo que hace m\u00e1s f\u00e1cil a usuarios remotos autenticados obtener acceso a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-4966",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-11-08T22:59:13.077",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968191"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-10-24 12:15
Modified
2024-11-21 04:43
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/164070VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/1075023Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/164070VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/1075023Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm maximo_asset_management *
ibm maximo_asset_management *
ibm maximo_for_aviation 7.6
ibm maximo_for_aviation 7.6.1
ibm maximo_for_aviation 7.6.2
ibm maximo_for_aviation 7.6.2.1
ibm maximo_for_aviation 7.6.3
ibm maximo_for_life_sciences 7.6
ibm maximo_for_nuclear_power 7.6.0
ibm maximo_for_oil_and_gas 7.6.0
ibm maximo_for_transportation 7.6.1
ibm maximo_for_transportation 7.6.2
ibm maximo_for_transportation 7.6.2.1
ibm maximo_for_transportation 7.6.2.2
ibm maximo_for_transportation 7.6.2.3
ibm maximo_for_transportation 7.6.2.4
ibm maximo_for_utilities 7.6
ibm smartcloud_control_desk 7.6.0
ibm smartcloud_control_desk 7.6.0.1
ibm tivoli_integration_composer 7.2.0.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "09D8BBE4-26EC-4488-95B7-32B46C574CA9",
              "versionEndExcluding": "7.6.0.10",
              "versionStartIncluding": "7.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C55730A-B02C-4EBF-BBB1-0BEB566D8817",
              "versionEndExcluding": "7.6.1.1",
              "versionStartIncluding": "7.6.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4ED8884A-10E2-41F8-B057-126F5503D5F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54B1037D-F4D1-4CD6-BBD7-6E72EB4A1620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05AF2B2A-A380-45BA-867F-11F0FD159590",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management versi\u00f3n 7.6, es vulnerable a un problema de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 164070."
    }
  ],
  "id": "CVE-2019-4486",
  "lastModified": "2024-11-21T04:43:39.853",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-24T12:15:12.070",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/1075023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/1075023"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-02-20 12:09
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV20590
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21625624
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/81011
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV20590
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21625624
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/81011
Impacted products
Vendor Product Version
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management_essentials 7.5.0.0
ibm smartcloud_control_desk 7.5.0.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management v7.5, Maximo Asset Management Essentials v7.5, y SmartCloud Control Desk v7.5 que permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores relacionados con un identificador de sesi\u00f3n de la interfaz de usuario (uisessionid)."
    }
  ],
  "id": "CVE-2013-0457",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-02-20T12:09:22.630",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20590"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81011"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-02-20 12:09
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV22698
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21625624Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/78039
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21625624Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/78039
Impacted products
Vendor Product Version
ibm maximo_asset_management 6.2
ibm maximo_asset_management 6.2.1
ibm maximo_asset_management 6.2.2
ibm maximo_asset_management 6.2.3
ibm maximo_asset_management 6.2.4
ibm maximo_asset_management 6.2.5
ibm maximo_asset_management 6.2.6
ibm maximo_asset_management 6.2.6.1
ibm maximo_asset_management 6.2.7
ibm maximo_asset_management 6.2.8
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management_essentials 6.2.0.0
ibm maximo_asset_management_essentials 7.5.0.0
ibm tivoli_asset_management_for_it 6.0
ibm tivoli_asset_management_for_it 6.2
ibm tivoli_asset_management_for_it 7.0
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.1.0
ibm tivoli_service_request_manager 7.1.0.0
ibm tivoli_service_request_manager 7.2.0.0
ibm maximo_service_desk 6.2
ibm change_and_configuration_management_database 7.1.
ibm change_and_configuration_management_database 7.2.0
ibm smartcloud_control_desk 7.5.0.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.:*:*:*:*:*:*:*",
              "matchCriteriaId": "13CD271A-72E0-4730-A936-87B5122D9E3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2446CA6E-D316-4239-8FDC-436643EB35EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management v6.2 hasta v7.5, Maximo Asset Management Essentials v6.2 hasta v7.5, Tivoli Asset Management for IT v6.2 hasta v7.2, Tivoli Service Request Manager v7.1 y v7.2, Maximo Service Desk v6.2, Change and Configuration Management Database (CCMDB) v7.1 y v7.2, y SmartCloud Control Desk v7.5 que permite ataques remotos que inyectan comandos web o HTML a trav\u00e9s de vectores relacionados con una acci\u00f3n de registro."
    }
  ],
  "id": "CVE-2012-3327",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-02-20T12:09:21.990",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78039"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78039"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-01-03 05:59
Modified
2025-04-12 10:46
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21970797Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21970797Vendor Advisory
Impacted products
Vendor Product Version
ibm maximo_asset_management 7.5
ibm maximo_asset_management 7.6
ibm maximo_asset_management_essentials 7.5
ibm maximo_asset_management_essentials 7.6
ibm maximo_for_government 7.5
ibm maximo_for_life_sciences 7.5
ibm maximo_for_life_sciences 7.6
ibm maximo_for_nuclear_power 7.5
ibm maximo_for_oil_and_gas 7.5
ibm maximo_for_transportation 7.5
ibm maximo_for_utilities 7.5
ibm smartcloud_control_desk 7.5
ibm smartcloud_control_desk 7.6


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB43A8FB-E429-4BD4-8787-E538352D8D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.8 IF6 y 7.6 en versiones anteriores a 7.6.0.2 IF1 y Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.8 IF6, 7.5.1 y 7.6 en versiones anteriores a 7.6.0.2 IF1 para SmartCloud Control Desk permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso en resultados de consulta a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-5051",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-03T05:59:09.990",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970797"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-19 14:15
Modified
2024-11-21 04:43
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680.
References
psirt@us.ibm.comhttp://www.securityfocus.com/bid/108910Broken Link, Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/161680VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/docview.wss?uid=ibm10887557Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/108910Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/161680VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/docview.wss?uid=ibm10887557Vendor Advisory
Impacted products
Vendor Product Version
ibm maximo_asset_management 7.6
ibm control_desk 7.6.0
ibm control_desk 7.6.0.1
ibm maximo_for_aviation 7.6
ibm maximo_for_aviation 7.6.1
ibm maximo_for_aviation 7.6.2
ibm maximo_for_aviation 7.6.2.1
ibm maximo_for_aviation 7.6.3
ibm maximo_for_life_sciences 7.6
ibm maximo_for_nuclear_power 7.6.0
ibm maximo_for_oil_and_gas 7.6.0
ibm maximo_for_transportation 7.6.1
ibm maximo_for_transportation 7.6.2
ibm maximo_for_transportation 7.6.2.1
ibm maximo_for_transportation 7.6.2.2
ibm maximo_for_transportation 7.6.2.3
ibm maximo_for_transportation 7.6.2.4
ibm maximo_for_utilities 7.6
ibm smartcloud_control_desk -
ibm tivoli_integration_composer -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management versi\u00f3n 7.6 es vulnerable a la inyecci\u00f3n de CSV, lo que podr\u00eda permitir que un atacante remoto autenticado ejecute comandos arbitrarios en el sistema. ID de IBM X-Force: 161680."
    }
  ],
  "id": "CVE-2019-4364",
  "lastModified": "2024-11-21T04:43:30.613",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 3.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-19T14:15:11.020",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108910"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1236"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-10-04 02:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21965080Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21965080Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 7.1
ibm change_and_configuration_management_database 7.2
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12
ibm maximo_asset_management 7.1.1.13
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5
ibm maximo_asset_management 7.5.0.6
ibm maximo_asset_management 7.5.0.7
ibm maximo_asset_management 7.5.0.8
ibm maximo_asset_management 7.6.0.0
ibm maximo_asset_management_essentials 7.1
ibm maximo_asset_management_essentials 7.5
ibm maximo_for_energy_optimization 7.1
ibm maximo_for_government 7.1
ibm maximo_for_government 7.5.0.0
ibm maximo_for_government 7.5.0.1
ibm maximo_for_government 7.5.0.2
ibm maximo_for_government 7.5.0.3
ibm maximo_for_government 7.5.0.4
ibm maximo_for_government 7.5.0.5
ibm maximo_for_government 7.5.0.6
ibm maximo_for_life_sciences 7.1
ibm maximo_for_life_sciences 7.5.0.0
ibm maximo_for_life_sciences 7.5.0.1
ibm maximo_for_life_sciences 7.5.0.2
ibm maximo_for_life_sciences 7.5.0.3
ibm maximo_for_life_sciences 7.5.0.4
ibm maximo_for_life_sciences 7.5.0.5
ibm maximo_for_life_sciences 7.5.0.6
ibm maximo_for_nuclear_power 7.1
ibm maximo_for_nuclear_power 7.5.0.0
ibm maximo_for_nuclear_power 7.5.0.1
ibm maximo_for_nuclear_power 7.5.0.2
ibm maximo_for_nuclear_power 7.5.0.3
ibm maximo_for_nuclear_power 7.5.0.4
ibm maximo_for_nuclear_power 7.5.0.5
ibm maximo_for_nuclear_power 7.5.0.6
ibm maximo_for_oil_and_gas 7.1
ibm maximo_for_oil_and_gas 7.5.0.0
ibm maximo_for_oil_and_gas 7.5.0.1
ibm maximo_for_oil_and_gas 7.5.0.2
ibm maximo_for_oil_and_gas 7.5.0.3
ibm maximo_for_oil_and_gas 7.5.0.4
ibm maximo_for_oil_and_gas 7.5.0.5
ibm maximo_for_oil_and_gas 7.5.0.6
ibm maximo_for_transportation 7.1
ibm maximo_for_transportation 7.5.0.0
ibm maximo_for_transportation 7.5.0.1
ibm maximo_for_transportation 7.5.0.2
ibm maximo_for_transportation 7.5.0.3
ibm maximo_for_transportation 7.5.0.4
ibm maximo_for_transportation 7.5.0.5
ibm maximo_for_transportation 7.5.0.6
ibm maximo_for_utilities 7.1
ibm maximo_for_utilities 7.5.0.0
ibm maximo_for_utilities 7.5.0.1
ibm maximo_for_utilities 7.5.0.2
ibm maximo_for_utilities 7.5.0.3
ibm maximo_for_utilities 7.5.0.4
ibm maximo_for_utilities 7.5.0.5
ibm maximo_for_utilities 7.5.0.6
ibm smartcloud_control_desk 7.5
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.1.0
ibm tivoli_service_request_manager 7.2.0.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX001 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x en versiones anteriores a 7.5.0.8 IFIX001 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros ciertos productos no tienen un atributo off autocomplete para el campo password, lo que facilita a atacantes remotos obtener acceso aprovechando una estaci\u00f3n de trabajo desatendida."
    }
  ],
  "evaluatorComment": "Per http://www-01.ibm.com/support/docview.wss?uid=swg21965080:\n\" This vulnerability could allow a local attacker to obtain account access.\"",
  "id": "CVE-2015-1933",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-10-04T02:59:00.097",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-03-14 01:59
Modified
2025-04-12 10:46
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21976949Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21976949Vendor Advisory
Impacted products
Vendor Product Version
ibm maximo_asset_management 7.6.0.0
ibm maximo_asset_management 7.6.0.1
ibm maximo_asset_management 7.6.0.2
ibm maximo_asset_management 7.6.0.3
ibm smartcloud_control_desk -
ibm maximo_asset_management 7.6.0.0
ibm maximo_asset_management 7.6.0.1
ibm maximo_asset_management 7.6.0.2
ibm maximo_asset_management 7.6.0.3
ibm maximo_for_government -
ibm maximo_for_life_sciences -
ibm maximo_for_nuclear_power -
ibm maximo_for_oil_and_gas -
ibm maximo_for_transportation -
ibm maximo_for_utilities -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7038EBF6-E527-492B-A6A5-14F9A2F79BDF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7038EBF6-E527-492B-A6A5-14F9A2F79BDF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6952A03A-657B-4CE9-8C85-1EBEB6D090FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0660482-340B-4FDA-8F0A-323BE0167800",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0E7B2B1-2746-40A4-83FC-DCEDE8B607BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "55DB8F6D-F7DB-485B-80D9-368188F2E858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "537D5FEA-7809-4CB6-9D71-FC3C408B2611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE303C7-7873-4754-926D-122FD45337FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.6 en versiones anteriores a 7.6.0.3 IFIX001 permite a usuarios remotos autenticados eludir las restricciones de acceso previstas y leer registros de trabajo de \u00f3rdenes de compra arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2016-0222",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-03-14T01:59:01.467",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976949"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-05-26 16:55
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV53952
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21670870
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/90738
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV53952
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21670870
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/90738
Impacted products
Vendor Product Version
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12
ibm maximo_asset_management 7.1.2
ibm smartcloud_control_desk 7.0
ibm smartcloud_control_desk 7.5
ibm smartcloud_control_desk 7.5.0.0
ibm smartcloud_control_desk 7.5.0.1
ibm smartcloud_control_desk 7.5.0.2
ibm smartcloud_control_desk 7.5.0.3
ibm smartcloud_control_desk 7.5.1.0
ibm smartcloud_control_desk 7.5.1.1
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.x anterior a 7.5.0.3 IFIX027 y SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 permiten a usuarios remotos autenticados ganar privilegios mediante el aprovechamiento de la pertenencia a dos grupos de seguridad."
    }
  ],
  "id": "CVE-2014-0849",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-26T16:55:03.190",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53952"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90738"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90738"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-08-06 14:29
Modified
2024-11-21 03:59
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290.
References
psirt@us.ibm.comhttp://www.securityfocus.com/bid/105023Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/142290VDB Entry
psirt@us.ibm.comhttps://www.ibm.com/support/docview.wss?uid=swg22017450Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/105023Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/142290VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/docview.wss?uid=swg22017450Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm maximo_asset_management *
ibm maximo_for_aviation 7.6.0.0
ibm maximo_for_aviation 7.6.1.0
ibm maximo_for_aviation 7.6.2.0
ibm maximo_for_aviation 7.6.2.1
ibm maximo_for_aviation 7.6.3.0
ibm maximo_for_life_sciences 7.6.0.0
ibm maximo_for_nuclear_power 7.6.0.0
ibm maximo_for_oil_and_gas 7.6.0.0
ibm maximo_for_transportation 7.6.1.0
ibm maximo_for_transportation 7.6.2.0
ibm maximo_for_transportation 7.6.2.1
ibm maximo_for_transportation 7.6.2.2
ibm maximo_for_transportation 7.6.2.3
ibm maximo_for_transportation 7.6.2.4
ibm maximo_for_utilities 7.6.0.0
ibm smartcloud_control_desk 7.6.0.0
ibm smartcloud_control_desk 7.6.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DCFD28A-B0AD-4FA5-9774-A92220F29970",
              "versionEndIncluding": "7.6.3.0",
              "versionStartIncluding": "7.6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "60F3899C-18C5-4A64-92EC-83C73EBEE057",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "95583119-EC0D-4C54-BDA3-8E02A2466870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "305E7DA7-1E2E-407A-9362-CF57C0D4AD6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B780FAB9-B58D-4622-B2B4-97662B9421CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBA93D8B-45B2-445C-85CB-FB594D1746F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F39E45D-3415-45E2-9852-46C0AA109B72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A651E3E5-5A2C-468E-B686-662DDC162644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B428BE8-BDFF-488A-91E8-E70613589640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FCC6013-BE3C-4C7D-BA7A-49529F0697C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB777BBB-7969-4D0D-89A6-C0E2FC9B2569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "800B9C4C-70D7-4E3D-86BD-1855B14910F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54B1037D-F4D1-4CD6-BBD7-6E72EB4A1620",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management, desde la versi\u00f3n 7.6 hasta la 7.6.3, podr\u00eda permitir que un usuario autenticado obtenga informaci\u00f3n sensible desde la API WhoAmI. IBM X-Force ID: 142290."
    }
  ],
  "id": "CVE-2018-1528",
  "lastModified": "2024-11-21T03:59:57.927",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-08-06T14:29:00.653",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105023"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142290"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=swg22017450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142290"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=swg22017450"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
psirt@us.ibm.comhttp://osvdb.org/85186
psirt@us.ibm.comhttp://secunia.com/advisories/50551Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV16032
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21610081
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/74731
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/85186
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50551Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV16032
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21610081
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/74731
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 6.0
ibm change_and_configuration_management_database 7.0
ibm maximo_asset_management 6.2.0.0
ibm maximo_asset_management 7.1.0.0
ibm maximo_asset_management 7.5.0.0
ibm maximo_service_desk 6.2
ibm smartcloud_control_desk 7.0
ibm tivoli_asset_management_for_it 6.0
ibm tivoli_asset_management_for_it 6.2
ibm tivoli_asset_management_for_it 7.0
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "789E00F7-D6CD-4F8C-B785-CB17DB11AEDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0265899D-68B5-4C15-997E-28F485D8B9D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Maximo Asset Management 6.2 a 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Gesti\u00f3n de Activos de TI de Tivoli, Tivoli Service Request, M\u00e1ximo Service Desk, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2012-0747",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-09-10T17:55:01.320",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://osvdb.org/85186"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50551"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16032"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74731"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/85186"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74731"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-09-10 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.
References
psirt@us.ibm.comhttp://osvdb.org/85185
psirt@us.ibm.comhttp://secunia.com/advisories/50551Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV09212
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21610081
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/75776
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/85185
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50551Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV09212
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21610081
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/75776
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 6.0
ibm change_and_configuration_management_database 7.0
ibm maximo_asset_management 6.2.0.0
ibm maximo_asset_management 7.1.0.0
ibm maximo_asset_management 7.5.0.0
ibm maximo_service_desk 6.2
ibm smartcloud_control_desk 7.0
ibm tivoli_asset_management_for_it 6.0
ibm tivoli_asset_management_for_it 6.2
ibm tivoli_asset_management_for_it 7.0
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B341ABF7-7CD3-4A62-97F9-2E62E2042C53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "789E00F7-D6CD-4F8C-B785-CB17DB11AEDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0265899D-68B5-4C15-997E-28F485D8B9D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en IBM Maximo Asset Management 6.2 a 7.5, tal como se utiliza en la Mesa de Control SmartCloud, Gesti\u00f3n de Activos de TI de Tivoli, Tivoli Service Request, Informaci\u00f3n Maximo Service, y el cambio y la base de datos de administraci\u00f3n de configuraci\u00f3n (CCMDB), permite a atacantes remotos secuestrar sesiones web a trav\u00e9s de vectores no especificados."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/384.html\r\n\r\n\u0027CWE-384: Session Fixation\u0027",
  "id": "CVE-2012-2183",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-09-10T17:55:01.367",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://osvdb.org/85185"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50551"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09212"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75776"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/85185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75776"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-05-26 16:55
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV55019
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21670870Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/91287
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV55019
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21670870Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/91287
Impacted products
Vendor Product Version
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5
ibm smartcloud_control_desk 7.0
ibm smartcloud_control_desk 7.5
ibm smartcloud_control_desk 7.5.0.0
ibm smartcloud_control_desk 7.5.0.1
ibm smartcloud_control_desk 7.5.0.2
ibm smartcloud_control_desk 7.5.0.3
ibm smartcloud_control_desk 7.5.0.5
ibm smartcloud_control_desk 7.5.1.0
ibm smartcloud_control_desk 7.5.1.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "397FB717-6568-4037-8D7F-D31CF18E0782",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified parameters."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en customreport.jsp en IBM Maximo Asset Management 7.5.x anterior a 7.5.0.5 IFIX006 y SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de par\u00e1metros no especificados."
    }
  ],
  "id": "CVE-2014-0893",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-05-26T16:55:03.253",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV55019"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91287"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV55019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91287"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-12-18 16:04
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV49268
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21660032Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/64333
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/87298
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21660032Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/64333
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/87298
Impacted products
Vendor Product Version
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12
ibm maximo_asset_management 7.1.2
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.5
ibm maximo_asset_management_essentials 7.1
ibm maximo_asset_management_essentials 7.5.0.0
ibm maximo_asset_management_essentials 7.5.0.1
ibm maximo_asset_management_essentials 7.5.0.2
ibm maximo_asset_management_essentials 7.5.0.3
ibm maximo_asset_management_essentials 7.5.0.4
ibm maximo_asset_management_essentials 7.5.0.5
ibm maximo_for_government 7.1
ibm maximo_for_government 7.5.0.0
ibm maximo_for_government 7.5.0.1
ibm maximo_for_government 7.5.0.2
ibm maximo_for_government 7.5.0.3
ibm maximo_for_government 7.5.0.4
ibm maximo_for_government 7.5.0.5
ibm maximo_for_life_sciences 7.1
ibm maximo_for_life_sciences 7.5.0.0
ibm maximo_for_life_sciences 7.5.0.1
ibm maximo_for_life_sciences 7.5.0.2
ibm maximo_for_life_sciences 7.5.0.3
ibm maximo_for_life_sciences 7.5.0.4
ibm maximo_for_life_sciences 7.5.0.5
ibm maximo_for_nuclear_power 7.1
ibm maximo_for_nuclear_power 7.5.0.0
ibm maximo_for_nuclear_power 7.5.0.1
ibm maximo_for_nuclear_power 7.5.0.2
ibm maximo_for_nuclear_power 7.5.0.3
ibm maximo_for_nuclear_power 7.5.0.4
ibm maximo_for_nuclear_power 7.5.0.5
ibm maximo_for_oil_and_gas 7.1
ibm maximo_for_oil_and_gas 7.5.0.0
ibm maximo_for_oil_and_gas 7.5.0.1
ibm maximo_for_oil_and_gas 7.5.0.2
ibm maximo_for_oil_and_gas 7.5.0.3
ibm maximo_for_oil_and_gas 7.5.0.4
ibm maximo_for_oil_and_gas 7.5.0.5
ibm maximo_for_transportation 7.1
ibm maximo_for_transportation 7.5.0.0
ibm maximo_for_transportation 7.5.0.1
ibm maximo_for_transportation 7.5.0.2
ibm maximo_for_transportation 7.5.0.3
ibm maximo_for_transportation 7.5.0.4
ibm maximo_for_transportation 7.5.0.5
ibm maximo_for_utilities 7.1
ibm maximo_for_utilities 7.5.0.0
ibm maximo_for_utilities 7.5.0.1
ibm maximo_for_utilities 7.5.0.2
ibm maximo_for_utilities 7.5.0.3
ibm maximo_for_utilities 7.5.0.4
ibm maximo_for_utilities 7.5.0.5
ibm smartcloud_control_desk 7.5.0.0
ibm smartcloud_control_desk 7.5.0.1
ibm smartcloud_control_desk 7.5.0.2
ibm smartcloud_control_desk 7.5.0.3
ibm smartcloud_control_desk 7.5.0.5
ibm change_and_configuration_management_database 7.1.1.12
ibm change_and_configuration_management_database 7.1.2
ibm change_and_configuration_management_database 7.2
ibm change_and_configuration_management_database 7.2.0.1
ibm tivoli_asset_management_for_it 7.1.1.12
ibm tivoli_asset_management_for_it 7.1.2
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_asset_management_for_it 7.2.0.1
ibm tivoli_service_request_manager 7.1.1.12
ibm tivoli_service_request_manager 7.1.2
ibm tivoli_service_request_manager 7.2
ibm tivoli_service_request_manager 7.2.0.1
ibm tivoli_service_request_manager 7.2.1.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "397FB717-6568-4037-8D7F-D31CF18E0782",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "250FC595-3DB0-4860-9FF1-AC0215A9D3C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E052B5F4-34AD-46CE-836F-43FCD4B5B7BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "29A7E369-EBBD-4456-AE47-712CB273F40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6562F50F-0566-4C82-AE66-36049B220C2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CEE1180-9EC7-4078-B90E-077489E4F586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF1F14EE-6B26-427D-8FFB-94EC042C0FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CC0184C-0593-4C37-AC63-5B09FD21B3B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "477D96BA-18FC-4B02-B0F7-276F93D9A25A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1F47F9-4D3D-439A-BEE8-F270C9BA7B71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "87F7EA33-B49A-4283-8A00-9B629508143E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de cross-site scripting (XSS) en IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, y Maximo for  Utilities 7.1.x a 7.1.1.12, 7.5 anteriores a 7.5.0.3 IFIX014, y 7.5.0.5 anteriores a IFIX003; SmartCloud Control Desk (SCCD) 7.5 anteriores a 7.5.0.3 IFIX014 y 7.5.0.5 anteriores a IFIX003; y Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, y Change y Configuration Management Database (CCMDB) 7.1.x a 7.1.1.12, 7.1.2, y 7.2.x a 7.2.1 permite a usuarios autenticados remotamente inyectar scripts web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2013-5402",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-12-18T16:04:33.553",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660032"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/64333"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87298"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/64333"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87298"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-05-26 11:14
Modified
2025-04-12 10:46
Severity ?
Summary
CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV26377
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21670870Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/78145
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV26377
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21670870Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/78145
Impacted products
Vendor Product Version
ibm smartcloud_control_desk 7.0
ibm smartcloud_control_desk 7.5
ibm smartcloud_control_desk 7.5.0.0
ibm smartcloud_control_desk 7.5.0.1
ibm smartcloud_control_desk 7.5.0.2
ibm smartcloud_control_desk 7.5.1.0
ibm smartcloud_control_desk 7.5.1.1
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12
ibm maximo_asset_management 7.1.2
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n CRLF en IBM Maximo Asset Management 7.x anterior a 7.5.0.6 y SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y realizar ataques de divisi\u00f3n de respuestas HTTP a trav\u00e9s de un par\u00e1metro manipulado en una URL."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/93.html\n\n\"CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)\"",
  "id": "CVE-2012-3333",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-26T11:14:51.110",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV26377"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV26377"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78145"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-02-20 12:09
Modified
2025-04-11 00:51
Severity ?
Summary
IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV30384
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21625624Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/80747
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21625624Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/80747
Impacted products
Vendor Product Version
ibm maximo_asset_management 6.2
ibm maximo_asset_management 6.2.1
ibm maximo_asset_management 6.2.2
ibm maximo_asset_management 6.2.3
ibm maximo_asset_management 6.2.4
ibm maximo_asset_management 6.2.5
ibm maximo_asset_management 6.2.6
ibm maximo_asset_management 6.2.6.1
ibm maximo_asset_management 6.2.7
ibm maximo_asset_management 6.2.8
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management_essentials 6.2.0.0
ibm maximo_asset_management_essentials 7.5.0.0
ibm tivoli_asset_management_for_it 6.0
ibm tivoli_asset_management_for_it 6.2
ibm tivoli_asset_management_for_it 7.0
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.1.0
ibm tivoli_service_request_manager 7.1.0.0
ibm tivoli_service_request_manager 7.2.0.0
ibm maximo_service_desk 6.2
ibm change_and_configuration_management_database 7.1.
ibm change_and_configuration_management_database 7.2.0
ibm smartcloud_control_desk 7.5.0.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.:*:*:*:*:*:*:*",
              "matchCriteriaId": "13CD271A-72E0-4730-A936-87B5122D9E3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2446CA6E-D316-4239-8FDC-436643EB35EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 6.2 a 7.5, Maximo Asset Management Essentials 6.2 a 7.5, Tivoli Asset Management for IT 6.2 a 7.2, Tivoli Service Request 7,1 y 7,2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, y SmartCloud Control Desk 7.5, permiten a usuarios remotos autenticados obtener privilegios a trav\u00e9s de vectores relacionados con una orden de trabajo."
    }
  ],
  "id": "CVE-2012-6355",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-02-20T12:09:22.473",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80747"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80747"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-06 01:29
Modified
2024-11-21 04:43
Severity ?
2.1 (Low) - CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/156311VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/docview.wss?uid=ibm10880147Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/156311VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/docview.wss?uid=ibm10880147Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm control_desk 7.6.0
ibm control_desk 7.6.0.1
ibm control_desk 7.6.1
ibm maximo_asset_management 7.6
ibm maximo_for_aviation 7.6
ibm maximo_for_aviation 7.6.1
ibm maximo_for_aviation 7.6.2
ibm maximo_for_aviation 7.6.2.1
ibm maximo_for_aviation 7.6.3
ibm maximo_for_life_sciences 7.6
ibm maximo_for_nuclear_power 7.6.0
ibm maximo_for_oil_and_gas 7.6.0
ibm maximo_for_transportation 7.6.1
ibm maximo_for_transportation 7.6.2
ibm maximo_for_transportation 7.6.2.1
ibm maximo_for_transportation 7.6.2.2
ibm maximo_for_transportation 7.6.2.3
ibm maximo_for_transportation 7.6.2.4
ibm maximo_for_utilities 7.6
ibm smartcloud_control_desk -
ibm tivoli_integration_composer -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA7D6830-74DA-4524-8177-54CB2667A54E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management versi\u00f3n 7.6 podr\u00eda permitir a un usuario f\u00edsico del sistema obtener informaci\u00f3n confidencial de un usuario anterior de la misma m\u00e1quina. ID de IBM X-Force: 156311."
    }
  ],
  "id": "CVE-2019-4048",
  "lastModified": "2024-11-21T04:43:05.247",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 1.4,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-06T01:29:00.290",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156311"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156311"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-07-30 11:15
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field.
References
psirt@us.ibm.comhttp://secunia.com/advisories/59570
psirt@us.ibm.comhttp://secunia.com/advisories/59640
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV56680
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21678894Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/archive/1/533110/100/0/threaded
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/91884
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59570
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59640
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21678894Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/533110/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/91884
Impacted products
Vendor Product Version
ibm maximo_asset_management 6.2
ibm maximo_asset_management 6.2.1
ibm maximo_asset_management 6.2.2
ibm maximo_asset_management 6.2.3
ibm maximo_asset_management 6.2.4
ibm maximo_asset_management 6.2.5
ibm maximo_asset_management 6.2.6
ibm maximo_asset_management 6.2.6.1
ibm maximo_asset_management 6.2.7
ibm maximo_asset_management 6.2.8
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12
ibm maximo_asset_management 7.1.2
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5
ibm maximo_asset_management 7.5.0.6
ibm maximo_asset_management 7.5.0.10
ibm maximo_asset_management_essentials *
ibm maximo_asset_management_essentials 6.2.0.0
ibm maximo_asset_management_essentials 7.1
ibm maximo_asset_management_essentials 7.5.0.0
ibm maximo_asset_management_essentials 7.5.0.1
ibm maximo_asset_management_essentials 7.5.0.2
ibm maximo_asset_management_essentials 7.5.0.3
ibm maximo_asset_management_essentials 7.5.0.4
ibm maximo_asset_management_essentials 7.5.0.5
ibm maximo_for_government *
ibm maximo_for_government 7.1
ibm maximo_for_government 7.5.0.0
ibm maximo_for_government 7.5.0.1
ibm maximo_for_government 7.5.0.2
ibm maximo_for_government 7.5.0.3
ibm maximo_for_government 7.5.0.4
ibm maximo_for_government 7.5.0.5
ibm maximo_for_life_sciences *
ibm maximo_for_life_sciences 7.1
ibm maximo_for_life_sciences 7.5.0.0
ibm maximo_for_life_sciences 7.5.0.1
ibm maximo_for_life_sciences 7.5.0.2
ibm maximo_for_life_sciences 7.5.0.3
ibm maximo_for_life_sciences 7.5.0.4
ibm maximo_for_life_sciences 7.5.0.5
ibm maximo_for_nuclear_power *
ibm maximo_for_nuclear_power 7.1
ibm maximo_for_nuclear_power 7.5.0.0
ibm maximo_for_nuclear_power 7.5.0.1
ibm maximo_for_nuclear_power 7.5.0.2
ibm maximo_for_nuclear_power 7.5.0.3
ibm maximo_for_nuclear_power 7.5.0.4
ibm maximo_for_nuclear_power 7.5.0.5
ibm maximo_for_oil_and_gas *
ibm maximo_for_oil_and_gas 7.1
ibm maximo_for_oil_and_gas 7.5.0.0
ibm maximo_for_oil_and_gas 7.5.0.1
ibm maximo_for_oil_and_gas 7.5.0.2
ibm maximo_for_oil_and_gas 7.5.0.3
ibm maximo_for_oil_and_gas 7.5.0.4
ibm maximo_for_oil_and_gas 7.5.0.5
ibm maximo_for_transportation *
ibm maximo_for_transportation 7.1
ibm maximo_for_transportation 7.5.0.0
ibm maximo_for_transportation 7.5.0.1
ibm maximo_for_transportation 7.5.0.2
ibm maximo_for_transportation 7.5.0.3
ibm maximo_for_transportation 7.5.0.4
ibm maximo_for_transportation 7.5.0.5
ibm maximo_for_utilities *
ibm maximo_for_utilities 7.1
ibm maximo_for_utilities 7.5.0.0
ibm maximo_for_utilities 7.5.0.1
ibm maximo_for_utilities 7.5.0.2
ibm maximo_for_utilities 7.5.0.3
ibm maximo_for_utilities 7.5.0.4
ibm maximo_for_utilities 7.5.0.5
ibm maximo_service_desk *
ibm smartcloud_control_desk *
ibm smartcloud_control_desk 7.5
ibm smartcloud_control_desk 7.5.0.0
ibm smartcloud_control_desk 7.5.0.1
ibm smartcloud_control_desk 7.5.0.2
ibm smartcloud_control_desk 7.5.0.3
ibm smartcloud_control_desk 7.5.1.0
ibm smartcloud_control_desk 7.5.1.1
ibm smartcloud_control_desk 7.5.1.2
ibm tivoli_it_asset_management_for_it *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F456DA-8995-43E2-91A0-B20B070F26A0",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "106F6572-D362-4040-A878-67B2ACCEA161",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "084AF336-B44B-4B4C-86AB-82197C9410D1",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF5E8225-885D-4FB8-9706-97D559DDF4CF",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "271DF14A-0466-4ACF-B4CE-A5AAC7E0F9A5",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F350C06-CF48-43FE-BDB3-1F1E31332E25",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A202F4B-6814-4F85-837C-1655D316ADC0",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "882C1071-A3C3-4CD6-905B-9D8E32A37120",
              "versionEndIncluding": "6.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEA6D104-64DA-47CE-A0CB-589C93A0B3DC",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A204032-17C7-4617-AB29-589903A2B9C3",
              "versionEndIncluding": "6.2.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en IBM Maximo Asset Management 6.2 hasta 6.2.8, 6.x y 7.1 hasta 7.1.1.2 y 7.5 hasta 7.5.0.6; Maximo Asset Management 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk; y Maximo Asset Management 6.2 hasta 6.2.8, 7.1 hasta 7.1.1.2 y 7.2 para Tivoli Asset Management for IT y ciertos otros productos permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de (1) el campo KPI display name o (2) un campo portlet."
    }
  ],
  "id": "CVE-2014-0915",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-07-30T11:15:33.253",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/59570"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/59640"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59570"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-08-29 09:55
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2.8, 7.1, and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended write-access restrictions on calendar entries via unspecified vectors.
References
psirt@us.ibm.comhttp://secunia.com/advisories/60408
psirt@us.ibm.comhttp://secunia.com/advisories/60453
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV61274
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21681020Vendor Advisory
psirt@us.ibm.comhttp://www.securitytracker.com/id/1030780
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/93955
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/60408
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/60453
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV61274
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21681020Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1030780
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/93955
Impacted products
Vendor Product Version
ibm maximo_asset_management 6.1
ibm maximo_asset_management 6.2
ibm maximo_asset_management 6.2.1
ibm maximo_asset_management 6.2.2
ibm maximo_asset_management 6.2.3
ibm maximo_asset_management 6.2.4
ibm maximo_asset_management 6.2.5
ibm maximo_asset_management 6.2.6
ibm maximo_asset_management 6.2.6.1
ibm maximo_asset_management 6.2.7
ibm maximo_asset_management 6.2.8
ibm maximo_asset_management 6.5
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12
ibm maximo_asset_management 7.1.1.13
ibm maximo_asset_management 7.1.2
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5
ibm maximo_asset_management 7.5.0.6
ibm smartcloud_control_desk 7.0
ibm smartcloud_control_desk 7.5
ibm smartcloud_control_desk 7.5.0.0
ibm smartcloud_control_desk 7.5.0.1
ibm smartcloud_control_desk 7.5.0.2
ibm smartcloud_control_desk 7.5.0.3
ibm smartcloud_control_desk 7.5.1.0
ibm smartcloud_control_desk 7.5.1.1
ibm smartcloud_control_desk 7.5.1.2
ibm tivoli_asset_management_for_it 6.2
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8367E063-B3D7-4C9B-98BF-7E323BA40668",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "67EBBA37-3CDA-4244-AD31-1A2CC7B62C20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2.8, 7.1, and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended write-access restrictions on calendar entries via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 6.1 hasta 6.5, 7.1 hasta 7.1.1.13, y 7.5 hasta 7.5.0.6; Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk; y Maximo Asset Management 6.2.8, 7.1, y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos permite a usuarios remotos autenticados evadir las restricciones de acceso a la escritura en las entradas de calendarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-3084",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-08-29T09:55:07.790",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/60408"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/60453"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61274"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681020"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1030780"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93955"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60408"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV61274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93955"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-10-06 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21966181Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21966181Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 7.1
ibm change_and_configuration_management_database 7.2
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12
ibm maximo_asset_management 7.1.1.13
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5
ibm maximo_asset_management 7.5.0.6
ibm maximo_asset_management 7.5.0.7
ibm maximo_asset_management 7.5.0.8
ibm maximo_asset_management 7.6.0.0
ibm maximo_asset_management_essentials 7.1
ibm maximo_asset_management_essentials 7.5
ibm maximo_for_energy_optimization 7.1
ibm maximo_for_government 7.1
ibm maximo_for_government 7.5.0.0
ibm maximo_for_government 7.5.0.1
ibm maximo_for_government 7.5.0.2
ibm maximo_for_government 7.5.0.3
ibm maximo_for_government 7.5.0.4
ibm maximo_for_government 7.5.0.5
ibm maximo_for_government 7.5.0.6
ibm maximo_for_life_sciences 7.1
ibm maximo_for_life_sciences 7.5.0.0
ibm maximo_for_life_sciences 7.5.0.1
ibm maximo_for_life_sciences 7.5.0.2
ibm maximo_for_life_sciences 7.5.0.3
ibm maximo_for_life_sciences 7.5.0.4
ibm maximo_for_life_sciences 7.5.0.5
ibm maximo_for_life_sciences 7.5.0.6
ibm maximo_for_nuclear_power 7.1
ibm maximo_for_nuclear_power 7.5.0.0
ibm maximo_for_nuclear_power 7.5.0.1
ibm maximo_for_nuclear_power 7.5.0.2
ibm maximo_for_nuclear_power 7.5.0.3
ibm maximo_for_nuclear_power 7.5.0.4
ibm maximo_for_nuclear_power 7.5.0.5
ibm maximo_for_nuclear_power 7.5.0.6
ibm maximo_for_oil_and_gas 7.1
ibm maximo_for_oil_and_gas 7.5.0.0
ibm maximo_for_oil_and_gas 7.5.0.1
ibm maximo_for_oil_and_gas 7.5.0.2
ibm maximo_for_oil_and_gas 7.5.0.3
ibm maximo_for_oil_and_gas 7.5.0.4
ibm maximo_for_oil_and_gas 7.5.0.5
ibm maximo_for_oil_and_gas 7.5.0.6
ibm maximo_for_transportation 7.1
ibm maximo_for_transportation 7.5.0.0
ibm maximo_for_transportation 7.5.0.1
ibm maximo_for_transportation 7.5.0.2
ibm maximo_for_transportation 7.5.0.3
ibm maximo_for_transportation 7.5.0.4
ibm maximo_for_transportation 7.5.0.5
ibm maximo_for_transportation 7.5.0.6
ibm maximo_for_utilities 7.1
ibm maximo_for_utilities 7.5.0.0
ibm maximo_for_utilities 7.5.0.1
ibm maximo_for_utilities 7.5.0.2
ibm maximo_for_utilities 7.5.0.3
ibm maximo_for_utilities 7.5.0.4
ibm maximo_for_utilities 7.5.0.5
ibm maximo_for_utilities 7.5.0.6
ibm smartcloud_control_desk 7.5
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.1.0
ibm tivoli_service_request_manager 7.2.0.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX004 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x en versiones anteriores a 7.5.0.8 IFIX004 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX002 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management para IT y otros ciertos productos permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-4967",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-10-06T01:59:12.640",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966181"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-10-02 00:55
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21685289Patch, Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/94757
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21685289Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/94757
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 7.1
ibm change_and_configuration_management_database 7.2
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12
ibm maximo_asset_management 7.1.1.13
ibm maximo_asset_management 7.1.2
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5
ibm maximo_asset_management 7.5.0.6
ibm maximo_asset_management 7.5.0.10
ibm maximo_asset_management_essentials 7.1
ibm maximo_asset_management_essentials 7.5.0.0
ibm maximo_for_government 7.1
ibm maximo_for_government 7.5.0.0
ibm maximo_for_life_sciences 7.1
ibm maximo_for_life_sciences 7.5.0.0
ibm maximo_for_nuclear_power 7.1
ibm maximo_for_nuclear_power 7.5.0.0
ibm maximo_for_oil_and_gas 7.1
ibm maximo_for_oil_and_gas 7.5.0.0
ibm maximo_for_transportation 7.1
ibm maximo_for_transportation 7.5.0.0
ibm maximo_for_utilities 7.1
ibm maximo_for_utilities 7.5.0.0
ibm smartcloud_control_desk 7.5.0.1
ibm smartcloud_control_desk 7.5.0.2
ibm smartcloud_control_desk 7.5.0.3
ibm smartcloud_control_desk 7.5.0.5
ibm smartcloud_control_desk 7.5.1.0
ibm smartcloud_control_desk 7.5.1.1
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_asset_management_for_it 7.2
ibm tivoli_service_request_manager 7.1
ibm tivoli_service_request_manager 7.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "397FB717-6568-4037-8D7F-D31CF18E0782",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.5 hasta 7.5.0.6, Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, y Maximo Asset Management 7.1 y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos permiten a atacantes remotos obtener informaci\u00f3n sensible de directorios mediante la lectura de un mensaje de error no especificado."
    }
  ],
  "id": "CVE-2014-4765",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-02T00:55:03.763",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94757"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94757"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-19 14:15
Modified
2024-11-21 04:43
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949.
References
psirt@us.ibm.comhttp://www.securityfocus.com/bid/108912Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/160949VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/docview.wss?uid=ibm10887563Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/108912Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/160949VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/docview.wss?uid=ibm10887563Vendor Advisory
Impacted products
Vendor Product Version
ibm maximo_asset_management 7.6
ibm control_desk 7.6.0
ibm control_desk 7.6.0.1
ibm maximo_for_aviation 7.6
ibm maximo_for_aviation 7.6.1
ibm maximo_for_aviation 7.6.2
ibm maximo_for_aviation 7.6.2.1
ibm maximo_for_aviation 7.6.3
ibm maximo_for_life_sciences 7.6
ibm maximo_for_nuclear_power 7.6.0
ibm maximo_for_oil_and_gas 7.6.0
ibm maximo_for_transportation 7.6.1
ibm maximo_for_transportation 7.6.2
ibm maximo_for_transportation 7.6.2.1
ibm maximo_for_transportation 7.6.2.2
ibm maximo_for_transportation 7.6.2.3
ibm maximo_for_transportation 7.6.2.4
ibm maximo_for_utilities 7.6
ibm smartcloud_control_desk -
ibm tivoli_integration_composer -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management versi\u00f3n 7.6 es vulnerable a cross-site-scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera la funcionalidad prevista que puede conllevar a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza. ID de IBM X-Force: 160949."
    }
  ],
  "id": "CVE-2019-4303",
  "lastModified": "2024-11-21T04:43:26.970",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-19T14:15:10.973",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108912"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108912"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-05-26 16:55
Modified
2025-04-12 10:46
Severity ?
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV41871
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21670870Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/85793
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21670870Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/85793
Impacted products
Vendor Product Version
ibm change_and_configuration_management_database 7.1.1.7
ibm change_and_configuration_management_database 7.1.1.11
ibm change_and_configuration_management_database 7.1.1.12
ibm maximo_service_desk 7.1.1.7
ibm maximo_service_desk 7.1.1.11
ibm maximo_service_desk 7.1.1.12
ibm tivoli_asset_management_for_it 7.0
ibm tivoli_asset_management_for_it 7.1
ibm tivoli_it_asset_management_for_it 7.1.1.7
ibm tivoli_it_asset_management_for_it 7.1.1.11
ibm tivoli_it_asset_management_for_it 7.1.1.12
ibm tivoli_service_request_manager 7.0
ibm tivoli_service_request_manager 7.1.0.0
ibm tivoli_service_request_manager 7.1.1
ibm tivoli_service_request_manager 7.1.1.7
ibm tivoli_service_request_manager 7.1.1.11
ibm tivoli_service_request_manager 7.1.1.12
ibm smartcloud_control_desk 7.0
ibm smartcloud_control_desk 7.5
ibm smartcloud_control_desk 7.5.0.0
ibm smartcloud_control_desk 7.5.0.1
ibm smartcloud_control_desk 7.5.0.2
ibm smartcloud_control_desk 7.5.1.0
ibm smartcloud_control_desk 7.5.1.1
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C548662-04F7-49DD-B4B4-8C6DDA5DF7AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E15FC98-D8AB-4D9C-9842-85138A2FECF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "250FC595-3DB0-4860-9FF1-AC0215A9D3C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "805706EB-A82E-465D-BB3F-33AD6415FB89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "186498FC-A8BD-4EA3-96C7-1A21983BB2BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "396F80FF-BD2E-46A4-8A44-21CC35F42E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "69534F90-265A-4313-951D-D0A52AEF9C1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "67A0292F-FDFE-42A6-92FC-F26596C4D23C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8D102E6-18FF-4BC7-83BC-77946101864C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1227364D-5BF3-4F7D-A4BA-22DE823A5C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8506BB5F-F390-4981-A5D5-FAEF9F410172",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "63EA5235-E946-487D-A875-537B87B2638E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CC0184C-0593-4C37-AC63-5B09FD21B3B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Maximo Asset Management 7.x anterior a 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 anterior a IFIX.20140323-0749, 7.1.1.12 anterior a IFIX.20140321-1336, 7.5.x anterior a 7.5.0.3 IFIX027, 7.5.0.4 anterior a IFIX011 y 7.5.0.5 anterior a IFIX006; SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 y Tivoli IT Asset Management For IT, Tivoli Service Request Manager, Maximo Service Desk y Change And Configuration Management Database (CCMDB) 7.x anterior a 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 anterior a IFIX.20140207-1801 y 7.1.1.12 anterior a IFIX.20140218-1510 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de un informe Birt con una clausula WHERE en texto plano."
    }
  ],
  "id": "CVE-2013-4016",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-26T16:55:02.737",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-02-20 12:09
Modified
2025-04-11 00:51
Severity ?
Summary
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV23511
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21625624Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/80749
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV23511
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21625624Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/80749
Impacted products
Vendor Product Version
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management_essentials 7.5.0.0
ibm smartcloud_control_desk 7.5.0.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management v7.5, Maximo Asset Management Essentials v7.5, y v7.5 SmartCloud Control Desk  permite a usuarios remotos autenticados obtener privilegios y eludir las restricciones destinadas a las operaciones de b\u00fasqueda de activos a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2012-6357",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-02-20T12:09:22.583",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23511"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23511"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-02-19 16:15
Modified
2024-11-21 04:43
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/162886VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/1489053Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/162886VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/1489053Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm control_desk 7.6.1
ibm control_desk 7.6.1.1
ibm maximo_anywhere 7.6.0.0
ibm maximo_anywhere 7.6.1.0
ibm maximo_for_aviation 7.6.6
ibm maximo_for_aviation 7.6.7
ibm maximo_for_aviation 7.6.8
ibm maximo_for_life_sciences 7.6
ibm maximo_for_nuclear_power 7.6.1
ibm maximo_for_oil_and_gas 7.6.1
ibm maximo_for_transportation 7.6.2.3
ibm maximo_for_transportation 7.6.2.4
ibm maximo_for_transportation 7.6.2.5
ibm maximo_for_utilities 7.6.0.1
ibm maximo_for_utilities 7.6.0.2
ibm smartcloud_control_desk -
ibm tivoli_integration_composer 7.6.0.1
ibm tivoli_integration_composer 7.6.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA7D6830-74DA-4524-8177-54CB2667A54E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7C8399-A024-45CE-A2CD-658A2D99ABDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_anywhere:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "67CD3018-546A-4CFF-B28B-A7DF2EE71634",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_anywhere:7.6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E203B3E-6A26-40BD-8F72-B738D4BF6EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4317DA0E-678D-468F-8BE4-8BA20C01C588",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DB202BE-FF6E-49AC-84FF-F454361E5D4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C05DA047-26F7-413E-8259-5F88C08AE2B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "532219AE-9F4D-49B0-A625-A690C9E8A7DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "160EE7B0-4F54-41F7-9266-C22776783BA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BDF6664-537E-4CF8-9CCA-7C4746DE9B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F416A57-7B00-411D-B2D5-5BCB434568DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "73EEADC8-01D0-4D80-83E4-1643603485CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "797807D9-2137-414A-BB28-46DBC0288161",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8708C64F-7940-46E7-94FB-1D1CF3B864B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a un usuario insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 162886."
    }
  ],
  "id": "CVE-2019-4429",
  "lastModified": "2024-11-21T04:43:35.947",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-19T16:15:11.187",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/1489053"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/1489053"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-07-29 20:55
Modified
2025-04-12 10:46
Severity ?
Summary
CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
References
psirt@us.ibm.comhttp://secunia.com/advisories/59570
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21678798Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/93065
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59570
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21678798Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/93065
Impacted products
Vendor Product Version
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5
ibm maximo_asset_management 7.5.0.6
ibm maximo_asset_management_essentials 7.5.0.0
ibm maximo_asset_management_essentials 7.5.0.1
ibm maximo_asset_management_essentials 7.5.0.2
ibm maximo_asset_management_essentials 7.5.0.3
ibm maximo_asset_management_essentials 7.5.0.4
ibm maximo_asset_management_essentials 7.5.0.5
ibm maximo_asset_management_essentials 7.5.0.6
ibm smartcloud_control_desk 7.5.0.0
ibm smartcloud_control_desk 7.5.0.1
ibm smartcloud_control_desk 7.5.0.2
ibm smartcloud_control_desk 7.5.0.3
ibm smartcloud_control_desk 7.5.1.0
ibm smartcloud_control_desk 7.5.1.1
ibm smartcloud_control_desk 7.5.1.2
ibm smartcloud_control_desk 7.5.1.3
ibm maximo_industry_solutions 7.5.0.0
ibm maximo_industry_solutions 7.5.0.1
ibm maximo_industry_solutions 7.5.0.2
ibm maximo_industry_solutions 7.5.0.3
ibm maximo_industry_solutions 7.5.0.4
ibm maximo_industry_solutions 7.5.0.5
ibm maximo_industry_solutions 7.5.0.6


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7197C12C-5CD7-4F7D-8B38-F792FAABC1FA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBD13DA8-00F5-43CE-BBAE-EB7DE0E46F8F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB38B1E5-5C80-4B04-8291-E4686E84F8F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "002A5BD4-2962-4045-923F-E6710EC869CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9B16418-C06A-4B78-A838-1C6BFC2EAC47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FC6AC1A-E79F-4A66-8BF0-10A6C587DB8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EF48295-8CB1-4E9A-A760-7A2785505248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B92B24E3-CB7C-4550-8C0C-0D8173BC7DDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B4D7E9-EB7C-4113-8D1C-6BE913FF3D9B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n CRLF en IBM Maximo Asset Management 7.5 hasta 7.5.0.6 y 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, permite a usuarios remotos autenticados inyectar cabeceras HTTP arbitrarias y realizar ataques de divisi\u00f3n de respuestas HTTP a trav\u00e9s de vectores no especificados."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/93.html\" target=\"_blank\"\u003eCWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)\u003c/a\u003e",
  "id": "CVE-2014-3026",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-07-29T20:55:08.100",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/59570"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678798"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59570"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678798"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93065"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}