Cross-Site Scripting Vulnerability in IBM Maximo Asset Management Products
CVE-2012-3328

Currently unrated

Key Information:

Vendor: IBM
Status: Change And Configuration Management Database; Tivoli Service Request Manager; Tivoli Asset Management For It; Maximo Asset Management
Vendor: CVE Published:; 20 February 2013

Summary

This vulnerability allows remote attackers to exploit web applications by injecting arbitrary web scripts or HTML into IBM Maximo Asset Management products. The risk arises from specific vectors associated with a hidden frame footer, potentially leading to unauthorized actions and data exposure. Attackers can leverage this vulnerability to execute malicious scripts in the context of the user’s session, compromising sensitive information and user integrity.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21625624

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/78040

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg1IV20823

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Feb 20, 2013
Vulnerability Reserved
Jun 7, 2012