Cross-Site Scripting Vulnerability in IBM Maximo Asset Management
CVE-2015-4944

Currently unrated

Key Information:

Vendor: IBM
Status: Maximo Asset Management; Maximo For Nuclear Power; Maximo For Utilities; Maximo For Life Sciences
Vendor: CVE Published:; 6 October 2015

What is CVE-2015-4944?

A Cross-Site Scripting (XSS) vulnerability exists in the IBM Maximo Asset Management software, allowing remote authenticated users to inject arbitrary web scripts or HTML through specially crafted URLs. This vulnerability impacts multiple versions, granting attackers the potential to manipulate web pages and launch attacks that could compromise user data and system integrity. It affects IBM Maximo Asset Management from versions 7.1 to 7.1.1.13, as well as various iterations in the 7.5.x and 7.6.x series.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21963973

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 6, 2015
Vulnerability Reserved
Jun 24, 2015