XSS Vulnerability in IBM Maximo Asset Management Software
CVE-2012-3313

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Asset Management For It; Maximo Asset Management; Smartcloud Control Desk; Change And Configuration Management Database
Vendor: CVE Published:; 10 September 2012

Summary

This vulnerability allows remote attackers to inject arbitrary web scripts or HTML into affected versions of IBM Maximo Asset Management. By exploiting this vulnerability, an attacker can manipulate the web application’s responses, potentially leading to unauthorized access to sensitive data, session hijacking, or further exploitation of the underlying systems. The attack vector remains unspecified, increasing the risk given the broad usage of Maximo in enterprise environments.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IV15530

vendor-advisoryx_refsource_AIXAPAR

http://secunia.com/advisories/50551

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/77787

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Sep 10, 2012
Vulnerability Reserved
Jun 7, 2012