Cross-Site Scripting Vulnerability in IBM Maximo Asset Management Products
CVE-2014-0825

Currently unrated

Key Information:

Vendor: IBM
Status: Change And Configuration Management Database; Maximo Service Desk; Tivoli Service Request Manager; Tivoli It Asset Management For It
Vendor: CVE Published:; 26 May 2014

Summary

A cross-site scripting vulnerability exists in the IBM Maximo Asset Management product suite, allowing remote authenticated users to craft a malicious report parameter that injects arbitrary web scripts or HTML. This affects various versions of IBM Maximo, SmartCloud Control Desk, and Tivoli IT Asset Management, potentially compromising the integrity of the application and the security of user data.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21670870

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/90501

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
May 26, 2014
Vulnerability Reserved
Jan 6, 2014