CVE-2012-3328

Currently unrated

Key Information:

Vendor: IBM
Status: Change And Configuration Management Database; Tivoli Service Request Manager; Tivoli Asset Management For It; Maximo Asset Management
Vendor: CVE Published:; 20 February 2013

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1, Maximo Asset Management Essentials 7.1, Tivoli Asset Management for IT 7.1 and 7.2, Tivoli Service Request Manager 7.1 and 7.2, and Change and Configuration Management Database (CCMDB) 7.1 and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden frame footer.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21625624

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/78040

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg1IV20823

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Feb 20, 2013
Vulnerability Reserved
Jun 7, 2012