Cross-Site Scripting Vulnerability in IBM Maximo Anywhere
CVE-2017-1604

5.4MEDIUM

Key Information:

Vendor

IBM
Status
Maximo Anywhere
Vendor
CVE Published:
21 February 2018

What is CVE-2017-1604?

IBM Maximo Anywhere versions 7.5 and 7.6 have a vulnerability that permits cross-site scripting, allowing an attacker to inject malicious JavaScript into the application's Web UI. This can compromise user sessions by potentially exposing sensitive credentials within a trusted environment. Proper validation and sanitization of user inputs are essential to mitigate this risk.

Affected Version(s)

Maximo Anywhere 7.5.1.2

Maximo Anywhere 7.5.2

Maximo Anywhere 7.5.2.1

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/132851
x_refsource_MISC
http://www.ibm.com/support/docview.wss?uid=swg22011883
x_refsource_CONFIRM
http://www.securityfocus.com/bid/103126
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.