Cross-Site Scripting Vulnerability in IBM Maximo Asset Management Products
CVE-2014-0824

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Service Request Manager; Change And Configuration Management Database; Maximo Service Desk; Tivoli It Asset Management For It
Vendor: CVE Published:; 26 May 2014

Summary

This vulnerability allows remote authenticated users to inject arbitrary web scripts or HTML via attachment URLs in the affected versions of IBM Maximo Asset Management and its related products. Specifically, versions before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 are susceptible, exposing users to potential exploits that could compromise the integrity of the application's functionality.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IV52829

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21670870

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/90500

vdb-entryx_refsource_XF

Timeline

Vulnerability published
May 26, 2014
Vulnerability Reserved
Jan 6, 2014