CVE-2015-0109

Currently unrated

Key Information:

Vendor: IBM
Status: Maximo Asset Management; Maximo For Utilities; Maximo For Nuclear Power; Tivoli Service Request Manager
Vendor: CVE Published:; 18 February 2015

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0108.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/99606

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21694974

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 18, 2015
Vulnerability Reserved
Nov 18, 2014