Cross-Site Scripting in IBM Maximo Asset Management and Related Products
CVE-2013-5402

Currently unrated

Key Information:

Vendor: IBM
Status: Maximo For Nuclear Power; Maximo Asset Management; Maximo For Utilities; Maximo For Life Sciences
Vendor: CVE Published:; 18 December 2013

What is CVE-2013-5402?

The vulnerability in various IBM Maximo products allows remote authenticated users to inject arbitrary web scripts or HTML through unspecified vectors. This flaw could lead to unauthorized access and manipulation of user sessions, potentially compromising sensitive data and functionality within the affected applications. Users are advised to update their systems to the latest versions to mitigate the risk associated with this vulnerability.

References

http://www.securityfocus.com/bid/64333

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/87298

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268

vendor-advisoryx_refsource_AIXAPAR

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2013
Vulnerability Reserved
Aug 22, 2013