Cross-Site Scripting Vulnerability in IBM Maximo Asset Management
CVE-2015-0108

Currently unrated

Key Information:

Vendor: IBM
Status: Maximo Asset Management; Maximo For Utilities; Maximo For Nuclear Power; Tivoli Service Request Manager
Vendor: CVE Published:; 18 February 2015

Summary

A cross-site scripting vulnerability exists in specific versions of IBM Maximo Asset Management, allowing remote authenticated users to inject arbitrary web scripts or HTML through undefined vectors. This may lead to malicious actions affecting the integrity and confidentiality of user data.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/99605

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21694974

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 18, 2015
Vulnerability Reserved
Nov 18, 2014