Cross-Site Scripting Vulnerability in IBM Tivoli Endpoint Manager
CVE-2012-0719

Currently unrated

Key Information:

Vendor
IBM
Status
Tivoli Endpoint Manager
Vendor
CVE Published:
22 March 2012

Summary

A cross-site scripting (XSS) vulnerability exists in IBM Tivoli Endpoint Manager (TEM) versions prior to 8.2 patch 3. This flaw permits remote attackers to inject arbitrary web scripts or HTML through the ScheduleParam parameter in the webreports program. Successful exploitation of this vulnerability may allow attackers to manipulate web sessions, steal credentials, or execute malicious scripts in the context of an affected user's session.

References

http://secunia.com/advisories/48352
third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/52514
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/74039
vdb-entryx_refsource_XF

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.