Vulnerability-Lookup - Search a vulnerability

Vulnerability from fkie_nvd

Published

2015-10-04 02:59

Modified

2024-11-21 02:26

Severity ?

Summary

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file.

References

▼	URL	Tags
	psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21964855	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21964855	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	change_and_configuration_management_database	7.1
ibm	change_and_configuration_management_database	7.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.1.1
ibm	maximo_asset_management	7.1.1.1
ibm	maximo_asset_management	7.1.1.2
ibm	maximo_asset_management	7.1.1.5
ibm	maximo_asset_management	7.1.1.6
ibm	maximo_asset_management	7.1.1.7
ibm	maximo_asset_management	7.1.1.8
ibm	maximo_asset_management	7.1.1.9
ibm	maximo_asset_management	7.1.1.10
ibm	maximo_asset_management	7.1.1.11
ibm	maximo_asset_management	7.1.1.12
ibm	maximo_asset_management	7.1.1.13
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management	7.5.0.1
ibm	maximo_asset_management	7.5.0.2
ibm	maximo_asset_management	7.5.0.3
ibm	maximo_asset_management	7.5.0.4
ibm	maximo_asset_management	7.5.0.5
ibm	maximo_asset_management	7.5.0.6
ibm	maximo_asset_management	7.5.0.7
ibm	maximo_asset_management	7.5.0.8
ibm	maximo_asset_management	7.6.0.0
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5
ibm	maximo_for_energy_optimization	7.1
ibm	maximo_for_government	7.1
ibm	maximo_for_government	7.5.0.0
ibm	maximo_for_government	7.5.0.1
ibm	maximo_for_government	7.5.0.2
ibm	maximo_for_government	7.5.0.3
ibm	maximo_for_government	7.5.0.4
ibm	maximo_for_government	7.5.0.5
ibm	maximo_for_government	7.5.0.6
ibm	maximo_for_life_sciences	7.1
ibm	maximo_for_life_sciences	7.5.0.0
ibm	maximo_for_life_sciences	7.5.0.1
ibm	maximo_for_life_sciences	7.5.0.2
ibm	maximo_for_life_sciences	7.5.0.3
ibm	maximo_for_life_sciences	7.5.0.4
ibm	maximo_for_life_sciences	7.5.0.5
ibm	maximo_for_life_sciences	7.5.0.6
ibm	maximo_for_nuclear_power	7.1
ibm	maximo_for_nuclear_power	7.5.0.0
ibm	maximo_for_nuclear_power	7.5.0.1
ibm	maximo_for_nuclear_power	7.5.0.2
ibm	maximo_for_nuclear_power	7.5.0.3
ibm	maximo_for_nuclear_power	7.5.0.4
ibm	maximo_for_nuclear_power	7.5.0.5
ibm	maximo_for_nuclear_power	7.5.0.6
ibm	maximo_for_oil_and_gas	7.1
ibm	maximo_for_oil_and_gas	7.5.0.0
ibm	maximo_for_oil_and_gas	7.5.0.1
ibm	maximo_for_oil_and_gas	7.5.0.2
ibm	maximo_for_oil_and_gas	7.5.0.3
ibm	maximo_for_oil_and_gas	7.5.0.4
ibm	maximo_for_oil_and_gas	7.5.0.5
ibm	maximo_for_oil_and_gas	7.5.0.6
ibm	maximo_for_transportation	7.1
ibm	maximo_for_transportation	7.5.0.0
ibm	maximo_for_transportation	7.5.0.1
ibm	maximo_for_transportation	7.5.0.2
ibm	maximo_for_transportation	7.5.0.3
ibm	maximo_for_transportation	7.5.0.4
ibm	maximo_for_transportation	7.5.0.5
ibm	maximo_for_transportation	7.5.0.6
ibm	maximo_for_utilities	7.1
ibm	maximo_for_utilities	7.5.0.0
ibm	maximo_for_utilities	7.5.0.1
ibm	maximo_for_utilities	7.5.0.2
ibm	maximo_for_utilities	7.5.0.3
ibm	maximo_for_utilities	7.5.0.4
ibm	maximo_for_utilities	7.5.0.5
ibm	maximo_for_utilities	7.5.0.6
ibm	smartcloud_control_desk	7.5
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_service_request_manager	7.1.0
ibm	tivoli_service_request_manager	7.2.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX002 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x en versiones anteriores a 7.5.0.8 IFIX002 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros ciertos productos no cifran adecuadamente las contrase\u00f1as, lo que facilita a atacantes dependientes del contexto determinar contrase\u00f1as en texto plano aprovechando el acceso a un archivo de contrase\u00f1a."
    }
  ],
  "id": "CVE-2015-1934",
  "lastModified": "2024-11-21T02:26:26.077",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-10-04T02:59:01.660",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-03-13 03:12

Modified

2024-11-21 01:33

Severity ?

Summary

Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component.

References

URL	Tags
psirt@us.ibm.com	http://secunia.com/advisories/48299
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09200
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg21584666	Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/52333
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/72006
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48299
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09200
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21584666	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52333
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/72006

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	6.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.5
ibm	maximo_asset_management_essentials	6.2
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de redirecci\u00f3n involuntaria en IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5 permite a usuarios autenticados remotos redirigir a usuarios a webs arbitrarias y realizar ataques de phishing a trav\u00e9s del par\u00e1metro uisessionid de un componente sin especificar."
    }
  ],
  "id": "CVE-2011-4818",
  "lastModified": "2024-11-21T01:33:03.380",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-03-13T03:12:26.120",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/48299"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09200"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/52333"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48299"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52333"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72006"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-02-18 02:59

Modified

2024-11-21 02:22

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0108.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21694974	Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/99606
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21694974	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/99606

Impacted products

Vendor	Product	Version
ibm	change_and_configuration_management_database	7.1
ibm	change_and_configuration_management_database	7.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.1.1
ibm	maximo_asset_management	7.1.1.1
ibm	maximo_asset_management	7.1.1.2
ibm	maximo_asset_management	7.1.1.5
ibm	maximo_asset_management	7.1.1.6
ibm	maximo_asset_management	7.1.1.7
ibm	maximo_asset_management	7.1.1.8
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_for_government	7.1
ibm	maximo_for_life_sciences	7.1
ibm	maximo_for_nuclear_power	7.1
ibm	maximo_for_oil_and_gas	7.1
ibm	maximo_for_transportation	7.1
ibm	maximo_for_utilities	7.1
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_service_request_manager	7.1
ibm	tivoli_service_request_manager	7.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0108."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 7.1 hasta 7.1.1.8, y Maximo Asset Management 7.1 hasta 7.1.1.8 y 7.2 para Tivoli IT Asset Management para IT y ciertos otros productos, permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente a CVE-2015-0104, CVE-2015-0107, y CVE-2015-0108."
    }
  ],
  "id": "CVE-2015-0109",
  "lastModified": "2024-11-21T02:22:23.120",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-02-18T02:59:01.423",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99606"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99606"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-02-20 12:09

Modified

2024-11-21 01:40

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21625624	Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/77813
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21625624	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/77813

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	6.2
ibm	maximo_asset_management	6.2.1
ibm	maximo_asset_management	6.2.2
ibm	maximo_asset_management	6.2.3
ibm	maximo_asset_management	6.2.4
ibm	maximo_asset_management	6.2.5
ibm	maximo_asset_management	6.2.6
ibm	maximo_asset_management	6.2.6.1
ibm	maximo_asset_management	6.2.7
ibm	maximo_asset_management	6.2.8
ibm	maximo_asset_management	7.1.1
ibm	maximo_asset_management	7.1.1.1
ibm	maximo_asset_management	7.1.1.2
ibm	maximo_asset_management	7.1.1.5
ibm	maximo_asset_management	7.1.1.6
ibm	maximo_asset_management	7.1.1.7
ibm	maximo_asset_management	7.1.1.8
ibm	maximo_asset_management	7.1.1.9
ibm	maximo_asset_management	7.1.1.10
ibm	maximo_asset_management	7.1.1.11
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management_essentials	6.2.0.0
ibm	maximo_asset_management_essentials	7.5.0.0
ibm	tivoli_asset_management_for_it	6.0
ibm	tivoli_asset_management_for_it	6.2
ibm	tivoli_asset_management_for_it	7.0
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_service_request_manager	7.1.0
ibm	tivoli_service_request_manager	7.1.0.0
ibm	tivoli_service_request_manager	7.2.0.0
ibm	maximo_service_desk	6.2
ibm	change_and_configuration_management_database	7.1
ibm	change_and_configuration_management_database	7.2.0
ibm	smartcloud_control_desk	7.5.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2446CA6E-D316-4239-8FDC-436643EB35EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad XSS en Tivoli Process Automation Engine (TPAE) en IBM Maximo Asset Management v6.2 a la v7.5, Maximo Asset Management Essentials v6.2 a la v7.5, Tivoli Asset Management para IT v6.2 a la v7.2, Tivoli Service Request Manager v7.1 a la v7.2, Maximo Service Desk v6.2, Change y Configuration Management Database (CCMDB) v7.1 y v7.2, y SmartCloud Control Desk v7.5, permite a usuarios autenticados remotamente inyectar secuencias de comandos web y HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2012-3316",
  "lastModified": "2024-11-21T01:40:38.060",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-02-20T12:09:21.803",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77813"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-05-03 17:59

Modified

2024-11-21 03:02

Severity ?

8.4 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22002018	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/98305	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22002018	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/98305	Broken Link

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.5
ibm	maximo_asset_management	7.6
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.1, 7.5, y 7.6 podr\u00eda permitir a un atacante remoto incluir ficheros arbitrarios. Un atacante remoto podr\u00eda enviar peticiones URL especialmente dise\u00f1adas para ejecutar c\u00f3digo abritrario en el servidor afectado. IBM X-Force ID: 120252."
    }
  ],
  "id": "CVE-2016-9976",
  "lastModified": "2024-11-21T03:02:06.803",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-03T17:59:00.220",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22002018"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/98305"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22002018"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/98305"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-02-20 12:09

Modified

2024-11-21 01:46

Severity ?

Summary

IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1IV27329
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21625624	Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/80748
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV27329
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21625624	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/80748

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management_essentials	7.5.0.0
ibm	smartcloud_control_desk	7.5.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, y SmartCloud Control Desk 7.5 permite a usuarios remotos autenticados para obtener privilegios a trav\u00e9s de vectores relacionados con una operaci\u00f3n de importaci\u00f3n."
    }
  ],
  "id": "CVE-2012-6356",
  "lastModified": "2024-11-21T01:46:04.007",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-02-20T12:09:22.520",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV27329"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80748"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV27329"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80748"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-07-30 11:15

Modified

2024-11-21 02:07

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/.

References

URL	Tags
psirt@us.ibm.com	http://secunia.com/advisories/59570
psirt@us.ibm.com	http://secunia.com/advisories/59640
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21678754	Patch, Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/93064
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59570
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59640
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21678754	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/93064

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	6.2
ibm	maximo_asset_management	6.2.1
ibm	maximo_asset_management	6.2.2
ibm	maximo_asset_management	6.2.3
ibm	maximo_asset_management	6.2.4
ibm	maximo_asset_management	6.2.5
ibm	maximo_asset_management	6.2.6
ibm	maximo_asset_management	6.2.6.1
ibm	maximo_asset_management	6.2.7
ibm	maximo_asset_management	6.2.8
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.1.1
ibm	maximo_asset_management	7.1.1.1
ibm	maximo_asset_management	7.1.1.2
ibm	maximo_asset_management	7.1.1.5
ibm	maximo_asset_management	7.1.1.6
ibm	maximo_asset_management	7.1.1.7
ibm	maximo_asset_management	7.1.1.8
ibm	maximo_asset_management	7.1.1.9
ibm	maximo_asset_management	7.1.1.10
ibm	maximo_asset_management	7.1.1.11
ibm	maximo_asset_management	7.1.1.12
ibm	maximo_asset_management	7.1.2
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management	7.5.0.1
ibm	maximo_asset_management	7.5.0.2
ibm	maximo_asset_management	7.5.0.3
ibm	maximo_asset_management	7.5.0.4
ibm	maximo_asset_management	7.5.0.5
ibm	maximo_asset_management	7.5.0.6
ibm	maximo_asset_management	7.5.0.10
ibm	maximo_asset_management_essentials	*
ibm	maximo_asset_management_essentials	6.2.0.0
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5.0.0
ibm	maximo_asset_management_essentials	7.5.0.1
ibm	maximo_asset_management_essentials	7.5.0.2
ibm	maximo_asset_management_essentials	7.5.0.3
ibm	maximo_asset_management_essentials	7.5.0.4
ibm	maximo_asset_management_essentials	7.5.0.5
ibm	maximo_for_government	*
ibm	maximo_for_government	7.1
ibm	maximo_for_government	7.5.0.0
ibm	maximo_for_government	7.5.0.1
ibm	maximo_for_government	7.5.0.2
ibm	maximo_for_government	7.5.0.3
ibm	maximo_for_government	7.5.0.4
ibm	maximo_for_government	7.5.0.5
ibm	maximo_for_life_sciences	*
ibm	maximo_for_life_sciences	7.1
ibm	maximo_for_life_sciences	7.5.0.0
ibm	maximo_for_life_sciences	7.5.0.1
ibm	maximo_for_life_sciences	7.5.0.2
ibm	maximo_for_life_sciences	7.5.0.3
ibm	maximo_for_life_sciences	7.5.0.4
ibm	maximo_for_life_sciences	7.5.0.5
ibm	maximo_for_nuclear_power	*
ibm	maximo_for_nuclear_power	7.1
ibm	maximo_for_nuclear_power	7.5.0.0
ibm	maximo_for_nuclear_power	7.5.0.1
ibm	maximo_for_nuclear_power	7.5.0.2
ibm	maximo_for_nuclear_power	7.5.0.3
ibm	maximo_for_nuclear_power	7.5.0.4
ibm	maximo_for_nuclear_power	7.5.0.5
ibm	maximo_for_oil_and_gas	*
ibm	maximo_for_oil_and_gas	7.1
ibm	maximo_for_oil_and_gas	7.5.0.0
ibm	maximo_for_oil_and_gas	7.5.0.1
ibm	maximo_for_oil_and_gas	7.5.0.2
ibm	maximo_for_oil_and_gas	7.5.0.3
ibm	maximo_for_oil_and_gas	7.5.0.4
ibm	maximo_for_oil_and_gas	7.5.0.5
ibm	maximo_for_transportation	*
ibm	maximo_for_transportation	7.1
ibm	maximo_for_transportation	7.5.0.0
ibm	maximo_for_transportation	7.5.0.1
ibm	maximo_for_transportation	7.5.0.2
ibm	maximo_for_transportation	7.5.0.3
ibm	maximo_for_transportation	7.5.0.4
ibm	maximo_for_transportation	7.5.0.5
ibm	maximo_for_utilities	*
ibm	maximo_for_utilities	7.1
ibm	maximo_for_utilities	7.5.0.0
ibm	maximo_for_utilities	7.5.0.1
ibm	maximo_for_utilities	7.5.0.2
ibm	maximo_for_utilities	7.5.0.3
ibm	maximo_for_utilities	7.5.0.4
ibm	maximo_for_utilities	7.5.0.5
ibm	maximo_service_desk	*
ibm	smartcloud_control_desk	*
ibm	smartcloud_control_desk	7.5
ibm	smartcloud_control_desk	7.5.0.0
ibm	smartcloud_control_desk	7.5.0.1
ibm	smartcloud_control_desk	7.5.0.2
ibm	smartcloud_control_desk	7.5.0.3
ibm	smartcloud_control_desk	7.5.1.0
ibm	smartcloud_control_desk	7.5.1.1
ibm	smartcloud_control_desk	7.5.1.2
ibm	tivoli_it_asset_management_for_it	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F456DA-8995-43E2-91A0-B20B070F26A0",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "106F6572-D362-4040-A878-67B2ACCEA161",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "084AF336-B44B-4B4C-86AB-82197C9410D1",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF5E8225-885D-4FB8-9706-97D559DDF4CF",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "271DF14A-0466-4ACF-B4CE-A5AAC7E0F9A5",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F350C06-CF48-43FE-BDB3-1F1E31332E25",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A202F4B-6814-4F85-837C-1655D316ADC0",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "882C1071-A3C3-4CD6-905B-9D8E32A37120",
              "versionEndIncluding": "6.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEA6D104-64DA-47CE-A0CB-589C93A0B3DC",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A204032-17C7-4617-AB29-589903A2B9C3",
              "versionEndIncluding": "6.2.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en IBM Maximo Asset Management 6.2 hasta 6.2.8, 6.x y 7.1 hasta 7.1.1.2 y 7.5 hasta 7.5.0.6; Maximo Asset Management 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk; y Maximo Asset Management 6.2 hasta 6.2.8, 7.1 hasta 7.1.1.2 y 7.2 para Tivoli Asset Management for IT y ciertos otros productos permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de entradas no especificadas en un fichero .jsp bajo webclient/utility/."
    }
  ],
  "id": "CVE-2014-3025",
  "lastModified": "2024-11-21T02:07:20.857",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-07-30T11:15:33.380",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/59570"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/59640"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59570"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-03-13 03:12

Modified

2024-11-21 01:26

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/48299
cve@mitre.org	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09189
cve@mitre.org	http://www.ibm.com/support/docview.wss?uid=swg21584666	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/52333
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/71996
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48299
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09189
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21584666	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52333
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/71996

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	6.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.5
ibm	maximo_asset_management_essentials	6.2
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en imicon.jsp de IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5. Permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro controlid."
    }
  ],
  "id": "CVE-2011-1395",
  "lastModified": "2024-11-21T01:26:12.950",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-03-13T03:12:25.900",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/48299"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09189"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/52333"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71996"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48299"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52333"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71996"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-05-26 16:29

Modified

2024-11-21 03:21

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22003413	Patch, Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/125152	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22003413	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/125152	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	7.5
ibm	maximo_asset_management	7.6
ibm	maximo_asset_management_essentials	7.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152."
    },
    {
      "lang": "es",
      "value": "Maximo Asset Management versiones 7.5 y 7.6 de IBM, es vulnerable a ataques de divisi\u00f3n de respuestas HTTP. Un atacante remoto podr\u00eda explotar esta vulnerabilidad usando una URL especialmente dise\u00f1ada para causar que el servidor devuelva una respuesta dividida, una vez que se haga clic en la URL. Esto permitir\u00eda al atacante realizar nuevos ataques, como envenenamiento de cach\u00e9 web, cross-Site scripting y, posiblemente, obtener informaci\u00f3n confidencial. ID de IBM X-Force: 125152."
    }
  ],
  "id": "CVE-2017-1291",
  "lastModified": "2024-11-21T03:21:38.943",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-26T16:29:00.163",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22003413"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22003413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-02-20 12:09

Modified

2024-11-21 01:40

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21625624	Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/78039
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21625624	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/78039

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	6.2
ibm	maximo_asset_management	6.2.1
ibm	maximo_asset_management	6.2.2
ibm	maximo_asset_management	6.2.3
ibm	maximo_asset_management	6.2.4
ibm	maximo_asset_management	6.2.5
ibm	maximo_asset_management	6.2.6
ibm	maximo_asset_management	6.2.6.1
ibm	maximo_asset_management	6.2.7
ibm	maximo_asset_management	6.2.8
ibm	maximo_asset_management	7.1.1
ibm	maximo_asset_management	7.1.1.1
ibm	maximo_asset_management	7.1.1.2
ibm	maximo_asset_management	7.1.1.5
ibm	maximo_asset_management	7.1.1.6
ibm	maximo_asset_management	7.1.1.7
ibm	maximo_asset_management	7.1.1.8
ibm	maximo_asset_management	7.1.1.9
ibm	maximo_asset_management	7.1.1.10
ibm	maximo_asset_management	7.1.1.11
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management_essentials	6.2.0.0
ibm	maximo_asset_management_essentials	7.5.0.0
ibm	tivoli_asset_management_for_it	6.0
ibm	tivoli_asset_management_for_it	6.2
ibm	tivoli_asset_management_for_it	7.0
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_service_request_manager	7.1.0
ibm	tivoli_service_request_manager	7.1.0.0
ibm	tivoli_service_request_manager	7.2.0.0
ibm	maximo_service_desk	6.2
ibm	change_and_configuration_management_database	7.1.
ibm	change_and_configuration_management_database	7.2.0
ibm	smartcloud_control_desk	7.5.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.:*:*:*:*:*:*:*",
              "matchCriteriaId": "13CD271A-72E0-4730-A936-87B5122D9E3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2446CA6E-D316-4239-8FDC-436643EB35EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management v6.2 hasta v7.5, Maximo Asset Management Essentials v6.2 hasta v7.5, Tivoli Asset Management for IT v6.2 hasta v7.2, Tivoli Service Request Manager v7.1 y v7.2, Maximo Service Desk v6.2, Change and Configuration Management Database (CCMDB) v7.1 y v7.2, y SmartCloud Control Desk v7.5 que permite ataques remotos que inyectan comandos web o HTML a trav\u00e9s de vectores relacionados con una acci\u00f3n de registro."
    }
  ],
  "id": "CVE-2012-3327",
  "lastModified": "2024-11-21T01:40:39.043",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-02-20T12:09:21.990",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78039"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78039"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-08-09 18:29

Modified

2024-11-21 03:21

Severity ?

4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22006647	Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/100214	Third Party Advisory, VDB Entry
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/126684	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22006647	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100214	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/126684	VDB Entry, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management	7.5.0.1
ibm	maximo_asset_management	7.5.0.2
ibm	maximo_asset_management	7.5.0.3
ibm	maximo_asset_management	7.5.0.4
ibm	maximo_asset_management	7.5.0.5
ibm	maximo_asset_management	7.5.0.6
ibm	maximo_asset_management	7.5.0.7
ibm	maximo_asset_management	7.5.0.8
ibm	maximo_asset_management	7.5.0.9
ibm	maximo_asset_management	7.5.0.10
ibm	maximo_asset_management	7.6.0.0
ibm	maximo_asset_management	7.6.0.1
ibm	maximo_asset_management	7.6.0.2
ibm	maximo_asset_management	7.6.0.3
ibm	maximo_asset_management	7.6.0.4
ibm	maximo_asset_management	7.6.0.5
ibm	maximo_asset_management	7.6.0.6
ibm	maximo_asset_management	7.6.0.7
ibm	maximo_asset_management_essentials	7.5.0.0
ibm	maximo_asset_management_essentials	7.5.0.1
ibm	maximo_asset_management_essentials	7.5.0.2
ibm	maximo_asset_management_essentials	7.5.0.3
ibm	maximo_asset_management_essentials	7.5.0.4
ibm	maximo_asset_management_essentials	7.5.0.5
ibm	maximo_asset_management_essentials	7.5.0.6
ibm	maximo_asset_management_essentials	7.5.0.7
ibm	maximo_asset_management_essentials	7.5.0.8
ibm	maximo_asset_management_essentials	7.5.0.9
ibm	maximo_asset_management_essentials	7.5.0.10
ibm	maximo_asset_management_essentials	7.6.0.0
ibm	maximo_asset_management_essentials	7.6.0.1
ibm	maximo_asset_management_essentials	7.6.0.2
ibm	maximo_asset_management_essentials	7.6.0.3
ibm	maximo_asset_management_essentials	7.6.0.4
ibm	maximo_asset_management_essentials	7.6.0.5
ibm	maximo_asset_management_essentials	7.6.0.6
ibm	maximo_asset_management_essentials	7.6.0.7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C47DB9B3-C8CD-45E9-9F53-617354F3A339",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7038EBF6-E527-492B-A6A5-14F9A2F79BDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "29858665-FA68-4EDE-A0E7-6C79E8786871",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5B7CA3C-5F9B-45A3-80AC-F5A4E190CC37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5550B7-9133-4434-A01C-0A35E59ECDD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D4B8FE2-799E-4D5F-B582-49E799A3ADDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7197C12C-5CD7-4F7D-8B38-F792FAABC1FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EE096D4-40A8-4FD8-905C-3B13476BF748",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E369397-1BC9-42E3-94AB-1CDB01D4838C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "56F90E1F-C0A0-4D6C-A497-9CC3AAF9ECB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF80B092-7E42-4F78-A137-015E382271F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "228B8913-D50A-4645-9519-1633D0ACA44C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A38DFC7-0B96-43F8-88EE-7F8CD29CD41B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00F10D4F-B0A5-4E40-B3AA-47838343D8C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB194228-212C-499F-A3C6-147B5CD89581",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D2023D-F6A3-4E44-B8C3-4B694A629B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "48467B08-08D3-4129-9687-A0EC01920694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A162A9A1-5FF5-47A3-BC80-9577FC8EE00A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C7DA64E-DAC8-4DE5-8EB7-2FCAD88A8E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.5 y 7.6 podr\u00eda permitir que un usuario autenticado manipulase \u00f3rdenes de trabajo para falsificar correos electr\u00f3nicos. Esto podr\u00eda emplearse para llevar a cabo ataques m\u00e1s avanzados. IBM X-Force ID: 126684."
    }
  ],
  "id": "CVE-2017-1357",
  "lastModified": "2024-11-21T03:21:46.620",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-09T18:29:01.497",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006647"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100214"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006647"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-10-06 01:59

Modified

2024-11-21 02:32

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

References

▼	URL	Tags
	psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21963973	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21963973	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	change_and_configuration_management_database	7.1
ibm	change_and_configuration_management_database	7.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.1.1
ibm	maximo_asset_management	7.1.1.1
ibm	maximo_asset_management	7.1.1.2
ibm	maximo_asset_management	7.1.1.5
ibm	maximo_asset_management	7.1.1.6
ibm	maximo_asset_management	7.1.1.7
ibm	maximo_asset_management	7.1.1.8
ibm	maximo_asset_management	7.1.1.9
ibm	maximo_asset_management	7.1.1.10
ibm	maximo_asset_management	7.1.1.11
ibm	maximo_asset_management	7.1.1.12
ibm	maximo_asset_management	7.1.1.13
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management	7.5.0.1
ibm	maximo_asset_management	7.5.0.2
ibm	maximo_asset_management	7.5.0.3
ibm	maximo_asset_management	7.5.0.4
ibm	maximo_asset_management	7.5.0.5
ibm	maximo_asset_management	7.5.0.6
ibm	maximo_asset_management	7.5.0.7
ibm	maximo_asset_management	7.5.0.8
ibm	maximo_asset_management	7.6.0.0
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5
ibm	maximo_for_energy_optimization	7.1
ibm	maximo_for_government	7.1
ibm	maximo_for_government	7.5.0.0
ibm	maximo_for_government	7.5.0.1
ibm	maximo_for_government	7.5.0.2
ibm	maximo_for_government	7.5.0.3
ibm	maximo_for_government	7.5.0.4
ibm	maximo_for_government	7.5.0.5
ibm	maximo_for_government	7.5.0.6
ibm	maximo_for_life_sciences	7.1
ibm	maximo_for_life_sciences	7.5.0.0
ibm	maximo_for_life_sciences	7.5.0.1
ibm	maximo_for_life_sciences	7.5.0.2
ibm	maximo_for_life_sciences	7.5.0.3
ibm	maximo_for_life_sciences	7.5.0.4
ibm	maximo_for_life_sciences	7.5.0.5
ibm	maximo_for_life_sciences	7.5.0.6
ibm	maximo_for_nuclear_power	7.1
ibm	maximo_for_nuclear_power	7.5.0.0
ibm	maximo_for_nuclear_power	7.5.0.1
ibm	maximo_for_nuclear_power	7.5.0.2
ibm	maximo_for_nuclear_power	7.5.0.3
ibm	maximo_for_nuclear_power	7.5.0.4
ibm	maximo_for_nuclear_power	7.5.0.5
ibm	maximo_for_nuclear_power	7.5.0.6
ibm	maximo_for_oil_and_gas	7.1
ibm	maximo_for_oil_and_gas	7.5.0.0
ibm	maximo_for_oil_and_gas	7.5.0.1
ibm	maximo_for_oil_and_gas	7.5.0.2
ibm	maximo_for_oil_and_gas	7.5.0.3
ibm	maximo_for_oil_and_gas	7.5.0.4
ibm	maximo_for_oil_and_gas	7.5.0.5
ibm	maximo_for_oil_and_gas	7.5.0.6
ibm	maximo_for_transportation	7.1
ibm	maximo_for_transportation	7.5.0.0
ibm	maximo_for_transportation	7.5.0.1
ibm	maximo_for_transportation	7.5.0.2
ibm	maximo_for_transportation	7.5.0.3
ibm	maximo_for_transportation	7.5.0.4
ibm	maximo_for_transportation	7.5.0.5
ibm	maximo_for_transportation	7.5.0.6
ibm	maximo_for_utilities	7.1
ibm	maximo_for_utilities	7.5.0.0
ibm	maximo_for_utilities	7.5.0.1
ibm	maximo_for_utilities	7.5.0.2
ibm	maximo_for_utilities	7.5.0.3
ibm	maximo_for_utilities	7.5.0.4
ibm	maximo_for_utilities	7.5.0.5
ibm	maximo_for_utilities	7.5.0.6
ibm	smartcloud_control_desk	7.5
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_service_request_manager	7.1.0
ibm	tivoli_service_request_manager	7.2.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX003 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x en versiones anteriores a 7.5.0.8 IFIX003 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros ciertos productos permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
    }
  ],
  "id": "CVE-2015-4944",
  "lastModified": "2024-11-21T02:32:04.610",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-10-06T01:59:09.313",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963973"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963973"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-03-13 03:12

Modified

2024-11-21 01:26

Severity ?

Summary

IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/48299
cve@mitre.org	http://secunia.com/advisories/48305
cve@mitre.org	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157
cve@mitre.org	http://www.ibm.com/support/docview.wss?uid=swg21584666	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/52333
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/71985
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48299
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48305
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21584666	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52333
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/71985

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	6.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.5
ibm	maximo_asset_management_essentials	6.2
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5
ibm	tivoli_asset_management_for_it	6.2
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	trivoli_service_request_manager	7.1
ibm	trivoli_service_request_manager	7.2
ibm	maximo_service_desk	6.2
ibm	tivoli_change_and_configuration_management_database	6.2
ibm	tivoli_change_and_configuration_management_database	7.1
ibm	tivoli_change_and_configuration_management_database	7.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5878EF6C-4C54-4BFB-A58A-DBBB96664E8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68FF0043-7A28-4ECB-9888-6FB057A766B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33DD3C44-B7B9-4FFF-8445-7C2C084F7DCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D4D3BE7-A7F0-431D-BB07-28DC94E8590F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A53DB8A-5966-4D70-A254-C098DB12B0B3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5; IBM Tivoli Asset Management de IT 6.2, 7.1, y 7.2; IBM Tivoli Service Request Manager 7.1 y 7.2; IBM Maximo Service Desk 6.2; y IBM Tivoli Change y Configuration Management Database (CCMDB) 6.2, 7.1, y 7.2 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de la memoria) estableciendo numerosas sesiones UI dentro de una sesi\u00f3n HTTP."
    }
  ],
  "id": "CVE-2011-1394",
  "lastModified": "2024-11-21T01:26:12.800",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-03-13T03:12:25.853",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/48299"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/48305"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/52333"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71985"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48299"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48305"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52333"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71985"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-03-13 03:12

Modified

2024-11-21 01:33

Severity ?

Summary

SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

References

URL	Tags
psirt@us.ibm.com	http://secunia.com/advisories/48299
psirt@us.ibm.com	http://secunia.com/advisories/48305
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg21584666	Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/52333
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/72001
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48299
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48305
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21584666	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52333
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/72001

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	6.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.5
ibm	maximo_asset_management_essentials	6.2
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5
ibm	tivoli_asset_management_for_it	6.2
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	trivoli_service_request_manager	7.1
ibm	trivoli_service_request_manager	7.2
ibm	maximo_service_desk	6.2
ibm	tivoli_change_and_configuration_management_database	6.2
ibm	tivoli_change_and_configuration_management_database	7.1
ibm	tivoli_change_and_configuration_management_database	7.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5878EF6C-4C54-4BFB-A58A-DBBB96664E8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68FF0043-7A28-4ECB-9888-6FB057A766B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33DD3C44-B7B9-4FFF-8445-7C2C084F7DCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D4D3BE7-A7F0-431D-BB07-28DC94E8590F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A53DB8A-5966-4D70-A254-C098DB12B0B3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en el componente KPI de IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5; IBM Tivoli Asset Management para IT 6.2, 7.1, y 7.2; IBM Tivoli Service Request Manager 7.1 y 7.2; IBM Maximo Service Desk 6.2; y IBM Tivoli Change y Configuration Management Database (CCMDB) 6.2, 7.1, y 7.2 permite a usuarios autenticados remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores sin especificar."
    }
  ],
  "id": "CVE-2011-4816",
  "lastModified": "2024-11-21T01:33:03.140",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-03-13T03:12:26.040",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/48299"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/48305"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/52333"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48299"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48305"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52333"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72001"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2016-01-02 21:59

Modified

2024-11-21 02:36

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Summary

The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors.

References

▼	URL	Tags
	psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21970799	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21970799	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	7.5
ibm	maximo_asset_management	7.6
ibm	maximo_asset_management_essentials	7.5
ibm	maximo_for_government	7.5
ibm	maximo_for_life_sciences	7.5
ibm	maximo_for_life_sciences	7.6
ibm	maximo_for_nuclear_power	7.5
ibm	maximo_for_oil_and_gas	7.5
ibm	maximo_for_transportation	7.5
ibm	maximo_for_utilities	7.5
ibm	smartcloud_control_desk	7.5
ibm	smartcloud_control_desk	7.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "El Scheduler en IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.8 IF6 y 7.6 en versiones anteriores a 7.6.0.1 FP1 y Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.8 IF6, 7.5.1 y 7.6 en versiones anteriores a 7.6.0.1 FP1 para SmartCloud Control Desk permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso, y obtener informaci\u00f3n sensible o datos modificados, a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-7396",
  "lastModified": "2024-11-21T02:36:43.140",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-02T21:59:02.343",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970799"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970799"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-07-30 11:15

Modified

2024-11-21 02:03

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field.

References

URL	Tags
psirt@us.ibm.com	http://secunia.com/advisories/59570
psirt@us.ibm.com	http://secunia.com/advisories/59640
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21678885	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/archive/1/533110/100/0/threaded
psirt@us.ibm.com	http://www.securityfocus.com/bid/68839
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/91883
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59570
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59640
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21678885	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/533110/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/68839
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/91883

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	6.2
ibm	maximo_asset_management	6.2.1
ibm	maximo_asset_management	6.2.2
ibm	maximo_asset_management	6.2.3
ibm	maximo_asset_management	6.2.4
ibm	maximo_asset_management	6.2.5
ibm	maximo_asset_management	6.2.6
ibm	maximo_asset_management	6.2.6.1
ibm	maximo_asset_management	6.2.7
ibm	maximo_asset_management	6.2.8
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.1.1
ibm	maximo_asset_management	7.1.1.1
ibm	maximo_asset_management	7.1.1.2
ibm	maximo_asset_management	7.1.1.5
ibm	maximo_asset_management	7.1.1.6
ibm	maximo_asset_management	7.1.1.7
ibm	maximo_asset_management	7.1.1.8
ibm	maximo_asset_management	7.1.1.9
ibm	maximo_asset_management	7.1.1.10
ibm	maximo_asset_management	7.1.1.11
ibm	maximo_asset_management	7.1.1.12
ibm	maximo_asset_management	7.1.2
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management	7.5.0.1
ibm	maximo_asset_management	7.5.0.2
ibm	maximo_asset_management	7.5.0.3
ibm	maximo_asset_management	7.5.0.4
ibm	maximo_asset_management	7.5.0.5
ibm	maximo_asset_management	7.5.0.6
ibm	maximo_asset_management	7.5.0.10
ibm	maximo_asset_management_essentials	*
ibm	maximo_asset_management_essentials	6.2.0.0
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5.0.0
ibm	maximo_asset_management_essentials	7.5.0.1
ibm	maximo_asset_management_essentials	7.5.0.2
ibm	maximo_asset_management_essentials	7.5.0.3
ibm	maximo_asset_management_essentials	7.5.0.4
ibm	maximo_asset_management_essentials	7.5.0.5
ibm	maximo_for_government	*
ibm	maximo_for_government	7.1
ibm	maximo_for_government	7.5.0.0
ibm	maximo_for_government	7.5.0.1
ibm	maximo_for_government	7.5.0.2
ibm	maximo_for_government	7.5.0.3
ibm	maximo_for_government	7.5.0.4
ibm	maximo_for_government	7.5.0.5
ibm	maximo_for_life_sciences	*
ibm	maximo_for_life_sciences	7.1
ibm	maximo_for_life_sciences	7.5.0.0
ibm	maximo_for_life_sciences	7.5.0.1
ibm	maximo_for_life_sciences	7.5.0.2
ibm	maximo_for_life_sciences	7.5.0.3
ibm	maximo_for_life_sciences	7.5.0.4
ibm	maximo_for_life_sciences	7.5.0.5
ibm	maximo_for_nuclear_power	*
ibm	maximo_for_nuclear_power	7.1
ibm	maximo_for_nuclear_power	7.5.0.0
ibm	maximo_for_nuclear_power	7.5.0.1
ibm	maximo_for_nuclear_power	7.5.0.2
ibm	maximo_for_nuclear_power	7.5.0.3
ibm	maximo_for_nuclear_power	7.5.0.4
ibm	maximo_for_nuclear_power	7.5.0.5
ibm	maximo_for_oil_and_gas	*
ibm	maximo_for_oil_and_gas	7.1
ibm	maximo_for_oil_and_gas	7.5.0.0
ibm	maximo_for_oil_and_gas	7.5.0.1
ibm	maximo_for_oil_and_gas	7.5.0.2
ibm	maximo_for_oil_and_gas	7.5.0.3
ibm	maximo_for_oil_and_gas	7.5.0.4
ibm	maximo_for_oil_and_gas	7.5.0.5
ibm	maximo_for_transportation	*
ibm	maximo_for_transportation	7.1
ibm	maximo_for_transportation	7.5.0.0
ibm	maximo_for_transportation	7.5.0.1
ibm	maximo_for_transportation	7.5.0.2
ibm	maximo_for_transportation	7.5.0.3
ibm	maximo_for_transportation	7.5.0.4
ibm	maximo_for_transportation	7.5.0.5
ibm	maximo_for_utilities	*
ibm	maximo_for_utilities	7.1
ibm	maximo_for_utilities	7.5.0.0
ibm	maximo_for_utilities	7.5.0.1
ibm	maximo_for_utilities	7.5.0.2
ibm	maximo_for_utilities	7.5.0.3
ibm	maximo_for_utilities	7.5.0.4
ibm	maximo_for_utilities	7.5.0.5
ibm	maximo_service_desk	*
ibm	smartcloud_control_desk	*
ibm	smartcloud_control_desk	7.5
ibm	smartcloud_control_desk	7.5.0.0
ibm	smartcloud_control_desk	7.5.0.1
ibm	smartcloud_control_desk	7.5.0.2
ibm	smartcloud_control_desk	7.5.0.3
ibm	smartcloud_control_desk	7.5.1.0
ibm	smartcloud_control_desk	7.5.1.1
ibm	smartcloud_control_desk	7.5.1.2
ibm	tivoli_it_asset_management_for_it	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F456DA-8995-43E2-91A0-B20B070F26A0",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "106F6572-D362-4040-A878-67B2ACCEA161",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "084AF336-B44B-4B4C-86AB-82197C9410D1",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF5E8225-885D-4FB8-9706-97D559DDF4CF",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "271DF14A-0466-4ACF-B4CE-A5AAC7E0F9A5",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F350C06-CF48-43FE-BDB3-1F1E31332E25",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A202F4B-6814-4F85-837C-1655D316ADC0",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "882C1071-A3C3-4CD6-905B-9D8E32A37120",
              "versionEndIncluding": "6.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEA6D104-64DA-47CE-A0CB-589C93A0B3DC",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A204032-17C7-4617-AB29-589903A2B9C3",
              "versionEndIncluding": "6.2.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 6.2 hasta 6.2.8 y 6.x y 7.x hasta 7.5.0.6, Maximo Asset Management 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk y Maximo Asset Management 6.2 hasta 6.2.8 para Tivoli IT Asset Management for IT y Maximo Service Desk permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del campo Query Description."
    }
  ],
  "id": "CVE-2014-0914",
  "lastModified": "2024-11-21T02:03:01.980",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-07-30T11:15:33.177",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/59570"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/59640"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/68839"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59570"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/68839"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-03-13 03:12

Modified

2024-11-21 01:33

Severity ?

Summary

The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account.

References

URL	Tags
psirt@us.ibm.com	http://secunia.com/advisories/48299
psirt@us.ibm.com	http://secunia.com/advisories/48305
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg21584666	Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/52333
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/72004
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48299
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48305
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21584666	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52333
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/72004

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	6.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.5
ibm	maximo_asset_management_essentials	6.2
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5
ibm	tivoli_asset_management_for_it	6.2
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	trivoli_service_request_manager	7.1
ibm	trivoli_service_request_manager	7.2
ibm	maximo_service_desk	6.2
ibm	tivoli_change_and_configuration_management_database	6.2
ibm	tivoli_change_and_configuration_management_database	7.1
ibm	tivoli_change_and_configuration_management_database	7.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5878EF6C-4C54-4BFB-A58A-DBBB96664E8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68FF0043-7A28-4ECB-9888-6FB057A766B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33DD3C44-B7B9-4FFF-8445-7C2C084F7DCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D4D3BE7-A7F0-431D-BB07-28DC94E8590F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A53DB8A-5966-4D70-A254-C098DB12B0B3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account."
    },
    {
      "lang": "es",
      "value": "La opci\u00f3n \"About\" del men\u00fa de ayuda de IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1 y 7.5; IBM Tivoli Asset Management para IT 6.2, 7.1, y 7.2; IBM Tivoli Service Request Manager 7.1 y 7.2; IBM Maximo Service Desk 6.2; y IBM Tivoli Change y Configuration Management Database (CCMDB) 6.2, 7.1, y 7.2 muestra el nombre de usuario, lo que permite a atacantes remotos autenticados tener un impacto sin especificar a trav\u00e9s de un ataque dirigido a la cuenta de usuario correspondiente."
    }
  ],
  "id": "CVE-2011-4817",
  "lastModified": "2024-11-21T01:33:03.260",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-03-13T03:12:26.087",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/48299"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/48305"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/52333"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48299"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48305"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52333"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72004"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-02-18 02:59

Modified

2024-11-21 02:22

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21694974	Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/99605
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21694974	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/99605

Impacted products

Vendor	Product	Version
ibm	change_and_configuration_management_database	7.1
ibm	change_and_configuration_management_database	7.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.1.1
ibm	maximo_asset_management	7.1.1.1
ibm	maximo_asset_management	7.1.1.2
ibm	maximo_asset_management	7.1.1.5
ibm	maximo_asset_management	7.1.1.6
ibm	maximo_asset_management	7.1.1.7
ibm	maximo_asset_management	7.1.1.8
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_for_government	7.1
ibm	maximo_for_life_sciences	7.1
ibm	maximo_for_nuclear_power	7.1
ibm	maximo_for_oil_and_gas	7.1
ibm	maximo_for_transportation	7.1
ibm	maximo_for_utilities	7.1
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_service_request_manager	7.1
ibm	tivoli_service_request_manager	7.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 7.1 hasta 7.1.1.8, y Maximo Asset Management 7.1 hasta 7.1.1.8 y 7.2 para Tivoli IT Asset Management para IT y ciertos otros productos, permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente a CVE-2015-0104, CVE-2015-0107, y CVE-2015-0109."
    }
  ],
  "id": "CVE-2015-0108",
  "lastModified": "2024-11-21T02:22:23.013",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-02-18T02:59:00.047",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99605"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2016-01-02 05:59

Modified

2024-11-21 02:36

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

References

▼	URL	Tags
	psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21972423	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21972423	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	7.5
ibm	maximo_asset_management	7.6
ibm	maximo_asset_management_essentials	7.5
ibm	maximo_for_government	7.5
ibm	maximo_for_life_sciences	7.5
ibm	maximo_for_life_sciences	7.6
ibm	maximo_for_nuclear_power	7.5
ibm	maximo_for_oil_and_gas	7.5
ibm	maximo_for_transportation	7.5
ibm	maximo_for_utilities	7.5
ibm	smartcloud_control_desk	7.5
ibm	smartcloud_control_desk	7.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.9 IF2 y 7.6 en versiones anteriores a 7.6.0.3 FP3 y Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.9 IF2, 7.5.1 y 7.6 en versiones anteriores a 7.6.0.3 FP3 para SmartCloud Control Desk permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
    }
  ],
  "id": "CVE-2015-7451",
  "lastModified": "2024-11-21T02:36:48.880",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-02T05:59:08.797",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-02-17 01:59

Modified

2024-11-21 02:13

Severity ?

Summary

IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21695597	Patch, Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/96141
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21695597	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/96141

Impacted products

Vendor	Product	Version
ibm	change_and_configuration_management_database	7.1
ibm	change_and_configuration_management_database	7.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.1.1
ibm	maximo_asset_management	7.1.1.1
ibm	maximo_asset_management	7.1.1.2
ibm	maximo_asset_management	7.1.1.5
ibm	maximo_asset_management	7.1.1.6
ibm	maximo_asset_management	7.1.1.7
ibm	maximo_asset_management	7.1.1.8
ibm	maximo_asset_management	7.1.1.9
ibm	maximo_asset_management	7.1.1.10
ibm	maximo_asset_management	7.1.1.11
ibm	maximo_asset_management	7.1.1.12
ibm	maximo_asset_management	7.1.1.13
ibm	maximo_asset_management	7.1.2
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management	7.5.0.1
ibm	maximo_asset_management	7.5.0.2
ibm	maximo_asset_management	7.5.0.3
ibm	maximo_asset_management	7.5.0.4
ibm	maximo_asset_management	7.5.0.5
ibm	maximo_asset_management	7.5.0.6
ibm	maximo_asset_management	7.5.0.10
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5.0.0
ibm	maximo_for_government	7.1
ibm	maximo_for_government	7.5.0.0
ibm	maximo_for_life_sciences	7.1
ibm	maximo_for_life_sciences	7.5.0.0
ibm	maximo_for_nuclear_power	7.1
ibm	maximo_for_nuclear_power	7.5.0.0
ibm	maximo_for_oil_and_gas	7.1
ibm	maximo_for_oil_and_gas	7.5.0.0
ibm	maximo_for_transportation	7.1
ibm	maximo_for_transportation	7.5.0.0
ibm	maximo_for_utilities	7.1
ibm	maximo_for_utilities	7.5.0.0
ibm	smartcloud_control_desk	7.5.0.1
ibm	smartcloud_control_desk	7.5.0.2
ibm	smartcloud_control_desk	7.5.0.3
ibm	smartcloud_control_desk	7.5.0.5
ibm	smartcloud_control_desk	7.5.1.0
ibm	smartcloud_control_desk	7.5.1.1
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_service_request_manager	7.1
ibm	tivoli_service_request_manager	7.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "397FB717-6568-4037-8D7F-D31CF18E0782",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.5.0 anterior a 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, y Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos no manejan correctamente las acciones de cierre de sesi\u00f3n, lo que permite a atacantes remotos evadir las restricciones de acceso a Cognos BI Direct Integration mediante el aprovechamiento de un estaci\u00f3n de trabajo desatendida."
    }
  ],
  "evaluatorComment": "Per an \u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21695597\"\u003eIBM Security Bulletin\u003c/a\u003e IBM identifies access vector as local",
  "id": "CVE-2014-6102",
  "lastModified": "2024-11-21T02:13:47.013",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-02-17T01:59:00.053",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-10-06 01:59

Modified

2024-11-21 02:32

Severity ?

Summary

maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file.

References

▼	URL	Tags
	psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21966194	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21966194	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	change_and_configuration_management_database	7.1
ibm	change_and_configuration_management_database	7.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.1.1
ibm	maximo_asset_management	7.1.1.1
ibm	maximo_asset_management	7.1.1.2
ibm	maximo_asset_management	7.1.1.5
ibm	maximo_asset_management	7.1.1.6
ibm	maximo_asset_management	7.1.1.7
ibm	maximo_asset_management	7.1.1.8
ibm	maximo_asset_management	7.1.1.9
ibm	maximo_asset_management	7.1.1.10
ibm	maximo_asset_management	7.1.1.11
ibm	maximo_asset_management	7.1.1.12
ibm	maximo_asset_management	7.1.1.13
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management	7.5.0.1
ibm	maximo_asset_management	7.5.0.2
ibm	maximo_asset_management	7.5.0.3
ibm	maximo_asset_management	7.5.0.4
ibm	maximo_asset_management	7.5.0.5
ibm	maximo_asset_management	7.5.0.6
ibm	maximo_asset_management	7.5.0.7
ibm	maximo_asset_management	7.5.0.8
ibm	maximo_asset_management	7.6.0.0
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5
ibm	maximo_for_energy_optimization	7.1
ibm	maximo_for_government	7.1
ibm	maximo_for_government	7.5.0.0
ibm	maximo_for_government	7.5.0.1
ibm	maximo_for_government	7.5.0.2
ibm	maximo_for_government	7.5.0.3
ibm	maximo_for_government	7.5.0.4
ibm	maximo_for_government	7.5.0.5
ibm	maximo_for_government	7.5.0.6
ibm	maximo_for_life_sciences	7.1
ibm	maximo_for_life_sciences	7.5.0.0
ibm	maximo_for_life_sciences	7.5.0.1
ibm	maximo_for_life_sciences	7.5.0.2
ibm	maximo_for_life_sciences	7.5.0.3
ibm	maximo_for_life_sciences	7.5.0.4
ibm	maximo_for_life_sciences	7.5.0.5
ibm	maximo_for_life_sciences	7.5.0.6
ibm	maximo_for_nuclear_power	7.1
ibm	maximo_for_nuclear_power	7.5.0.0
ibm	maximo_for_nuclear_power	7.5.0.1
ibm	maximo_for_nuclear_power	7.5.0.2
ibm	maximo_for_nuclear_power	7.5.0.3
ibm	maximo_for_nuclear_power	7.5.0.4
ibm	maximo_for_nuclear_power	7.5.0.5
ibm	maximo_for_nuclear_power	7.5.0.6
ibm	maximo_for_oil_and_gas	7.1
ibm	maximo_for_oil_and_gas	7.5.0.0
ibm	maximo_for_oil_and_gas	7.5.0.1
ibm	maximo_for_oil_and_gas	7.5.0.2
ibm	maximo_for_oil_and_gas	7.5.0.3
ibm	maximo_for_oil_and_gas	7.5.0.4
ibm	maximo_for_oil_and_gas	7.5.0.5
ibm	maximo_for_oil_and_gas	7.5.0.6
ibm	maximo_for_transportation	7.1
ibm	maximo_for_transportation	7.5.0.0
ibm	maximo_for_transportation	7.5.0.1
ibm	maximo_for_transportation	7.5.0.2
ibm	maximo_for_transportation	7.5.0.3
ibm	maximo_for_transportation	7.5.0.4
ibm	maximo_for_transportation	7.5.0.5
ibm	maximo_for_transportation	7.5.0.6
ibm	maximo_for_utilities	7.1
ibm	maximo_for_utilities	7.5.0.0
ibm	maximo_for_utilities	7.5.0.1
ibm	maximo_for_utilities	7.5.0.2
ibm	maximo_for_utilities	7.5.0.3
ibm	maximo_for_utilities	7.5.0.4
ibm	maximo_for_utilities	7.5.0.5
ibm	maximo_for_utilities	7.5.0.6
ibm	smartcloud_control_desk	7.5
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_service_request_manager	7.1.0
ibm	tivoli_service_request_manager	7.2.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file."
    },
    {
      "lang": "es",
      "value": "maximouiweb/webmodule/webclient/utility/merlin.jsp en IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX004 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x en versiones anteriores a 7.5.0.8 IFIX004 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX002 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management para IT y otros ciertos productos permite a usuarios remotos autenticados obtener informaci\u00f3n sensible mediante la lectura de un archivo de (1) respaldo o (2) aplicaci\u00f3n de depuraci\u00f3n."
    }
  ],
  "id": "CVE-2015-4965",
  "lastModified": "2024-11-21T02:32:07.013",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-10-06T01:59:11.360",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966194"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966194"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2016-01-03 05:59

Modified

2024-11-21 02:32

Severity ?

4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors.

References

▼	URL	Tags
	psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21970797	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21970797	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	7.5
ibm	maximo_asset_management	7.6
ibm	maximo_asset_management_essentials	7.5
ibm	maximo_asset_management_essentials	7.6
ibm	maximo_for_government	7.5
ibm	maximo_for_life_sciences	7.5
ibm	maximo_for_life_sciences	7.6
ibm	maximo_for_nuclear_power	7.5
ibm	maximo_for_oil_and_gas	7.5
ibm	maximo_for_transportation	7.5
ibm	maximo_for_utilities	7.5
ibm	smartcloud_control_desk	7.5
ibm	smartcloud_control_desk	7.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB43A8FB-E429-4BD4-8787-E538352D8D9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.8 IF6 y 7.6 en versiones anteriores a 7.6.0.2 IF1 y Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.8 IF6, 7.5.1 y 7.6 en versiones anteriores a 7.6.0.2 IF1 para SmartCloud Control Desk permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso en resultados de consulta a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-5051",
  "lastModified": "2024-11-21T02:32:13.577",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-03T05:59:09.990",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970797"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-04-24 06:59

Modified

2024-11-21 02:22

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21694974	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/97999	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21694974	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97999	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
ibm	change_and_configuration_management_database	7.1
ibm	change_and_configuration_management_database	7.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.1.1
ibm	maximo_asset_management	7.1.1.1
ibm	maximo_asset_management	7.1.1.2
ibm	maximo_asset_management	7.1.1.5
ibm	maximo_asset_management	7.1.1.6
ibm	maximo_asset_management	7.1.1.7
ibm	maximo_asset_management	7.1.1.8
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_for_government	7.1
ibm	maximo_for_life_sciences	7.1
ibm	maximo_for_nuclear_power	7.1
ibm	maximo_for_oil_and_gas	7.1
ibm	maximo_for_transportation	7.1
ibm	maximo_for_utilities	7.1
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_service_request_manager	7.1
ibm	tivoli_service_request_manager	7.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "IBM Tivoli IT Asset Management para IT, Tivoli Service Request Manager, y Change y Configuration Management Database 7.1 en versiones hasta 7.1.1.8 y 7.2 y Maximo Asset Management y Maximo Industry Solutions 7.1 en versiones hasta 7.1.1.8, 7.5 en versiones anteriores a 7.5.0.7 IFIX003, y 7.6 en versiones anteriores a 7.6.0.0 IFIX002 permite a los usuarios autenticados remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-0104",
  "lastModified": "2024-11-21T02:22:22.550",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-24T06:59:00.383",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97999"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-02-20 12:09

Modified

2024-11-21 01:47

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid.

References

▼	URL	Tags
	psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1IV20590
	psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21625624
	psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/81011
	af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV20590
	af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21625624
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/81011

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management_essentials	7.5.0.0
ibm	smartcloud_control_desk	7.5.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management v7.5, Maximo Asset Management Essentials v7.5, y SmartCloud Control Desk v7.5 que permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores relacionados con un identificador de sesi\u00f3n de la interfaz de usuario (uisessionid)."
    }
  ],
  "id": "CVE-2013-0457",
  "lastModified": "2024-11-21T01:47:37.407",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-02-20T12:09:22.630",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20590"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81011"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-02-22 19:29

Modified

2024-11-21 03:59

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22013797	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/103154	Third Party Advisory, VDB Entry
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/138820	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22013797	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/103154	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/138820	VDB Entry, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management	7.6.0.0
ibm	maximo_asset_management_essentials	7.5.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management en sus versiones 7.5 y 7.6 es vulnerable a inyecci\u00f3n SQL. Un atacante remoto podr\u00eda enviar instrucciones SQL especialmente manipuladas que podr\u00edan permitir que el atacante viese, a\u00f1adiese, modificase o borrase informaci\u00f3n en la base de datos del backend. IBM X-Force ID: 138820."
    }
  ],
  "id": "CVE-2018-1414",
  "lastModified": "2024-11-21T03:59:46.313",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-22T19:29:03.217",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22013797"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103154"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138820"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22013797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138820"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-03-13 03:12

Modified

2024-11-21 01:33

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/.

References

URL	Tags
psirt@us.ibm.com	http://secunia.com/advisories/48299
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09202
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg21584666	Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/52333
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/72008
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48299
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09202
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21584666	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52333
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/72008

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	6.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.5
ibm	maximo_asset_management_essentials	6.2
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5. Permiten a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro uisesionid de (1) maximo.jsp o (2) la URI por defecto bajo ui/."
    }
  ],
  "id": "CVE-2011-4819",
  "lastModified": "2024-11-21T01:33:03.510",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-03-13T03:12:26.167",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/48299"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09202"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/52333"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48299"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52333"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72008"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-10-02 00:55

Modified

2024-11-21 02:10

Severity ?

Summary

IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21685289	Patch, Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/94757
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21685289	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/94757

Impacted products

Vendor	Product	Version
ibm	change_and_configuration_management_database	7.1
ibm	change_and_configuration_management_database	7.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.1.1
ibm	maximo_asset_management	7.1.1.1
ibm	maximo_asset_management	7.1.1.2
ibm	maximo_asset_management	7.1.1.5
ibm	maximo_asset_management	7.1.1.6
ibm	maximo_asset_management	7.1.1.7
ibm	maximo_asset_management	7.1.1.8
ibm	maximo_asset_management	7.1.1.9
ibm	maximo_asset_management	7.1.1.10
ibm	maximo_asset_management	7.1.1.11
ibm	maximo_asset_management	7.1.1.12
ibm	maximo_asset_management	7.1.1.13
ibm	maximo_asset_management	7.1.2
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management	7.5.0.1
ibm	maximo_asset_management	7.5.0.2
ibm	maximo_asset_management	7.5.0.3
ibm	maximo_asset_management	7.5.0.4
ibm	maximo_asset_management	7.5.0.5
ibm	maximo_asset_management	7.5.0.6
ibm	maximo_asset_management	7.5.0.10
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5.0.0
ibm	maximo_for_government	7.1
ibm	maximo_for_government	7.5.0.0
ibm	maximo_for_life_sciences	7.1
ibm	maximo_for_life_sciences	7.5.0.0
ibm	maximo_for_nuclear_power	7.1
ibm	maximo_for_nuclear_power	7.5.0.0
ibm	maximo_for_oil_and_gas	7.1
ibm	maximo_for_oil_and_gas	7.5.0.0
ibm	maximo_for_transportation	7.1
ibm	maximo_for_transportation	7.5.0.0
ibm	maximo_for_utilities	7.1
ibm	maximo_for_utilities	7.5.0.0
ibm	smartcloud_control_desk	7.5.0.1
ibm	smartcloud_control_desk	7.5.0.2
ibm	smartcloud_control_desk	7.5.0.3
ibm	smartcloud_control_desk	7.5.0.5
ibm	smartcloud_control_desk	7.5.1.0
ibm	smartcloud_control_desk	7.5.1.1
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_service_request_manager	7.1
ibm	tivoli_service_request_manager	7.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "397FB717-6568-4037-8D7F-D31CF18E0782",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.5 hasta 7.5.0.6, Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, y Maximo Asset Management 7.1 y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos permiten a atacantes remotos obtener informaci\u00f3n sensible de directorios mediante la lectura de un mensaje de error no especificado."
    }
  ],
  "id": "CVE-2014-4765",
  "lastModified": "2024-11-21T02:10:50.937",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-02T00:55:03.763",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94757"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94757"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-03-13 03:12

Modified

2024-11-21 01:26

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/48299
cve@mitre.org	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09190
cve@mitre.org	http://www.ibm.com/support/docview.wss?uid=swg21584666	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/52333
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/71999
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48299
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09190
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21584666	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52333
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/71999

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	6.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.5
ibm	maximo_asset_management_essentials	6.2
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5. Permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro reportType a un componente sin especificar."
    }
  ],
  "id": "CVE-2011-1396",
  "lastModified": "2024-11-21T01:26:13.103",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-03-13T03:12:25.947",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/48299"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09190"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/52333"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48299"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52333"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71999"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-02-20 12:09

Modified

2024-11-21 01:40

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1, Maximo Asset Management Essentials 7.1, Tivoli Asset Management for IT 7.1 and 7.2, Tivoli Service Request Manager 7.1 and 7.2, and Change and Configuration Management Database (CCMDB) 7.1 and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden frame footer.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1IV20823
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21625624	Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/78040
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV20823
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21625624	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/78040

Impacted products

Vendor	Product	Version
ibm	change_and_configuration_management_database	7.1.
ibm	change_and_configuration_management_database	7.2.0
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management_essentials	7.1
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_service_request_manager	7.1.0
ibm	tivoli_service_request_manager	7.1.0.0
ibm	tivoli_service_request_manager	7.2.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.:*:*:*:*:*:*:*",
              "matchCriteriaId": "13CD271A-72E0-4730-A936-87B5122D9E3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2446CA6E-D316-4239-8FDC-436643EB35EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1, Maximo Asset Management Essentials 7.1, Tivoli Asset Management for IT 7.1 and 7.2, Tivoli Service Request Manager 7.1 and 7.2, and Change and Configuration Management Database (CCMDB) 7.1 and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden frame footer."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad XSS en IBM Maximo Asset Management v7.1, Maximo Asset Management Essentials v7.1, Tivoli Asset Management para IT v7.1 y v7.2, Tivoli Service Request Manager v7.1 y v7.2, y Change y Configuration Management Database (CCMDB) v7.1 v 7.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores que involucran a un marco (frame) oculto en el pie."
    }
  ],
  "id": "CVE-2012-3328",
  "lastModified": "2024-11-21T01:40:39.150",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-02-20T12:09:22.037",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20823"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78040"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-12-13 18:29

Modified

2024-11-21 03:22

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22010595	Issue Tracking, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/102211	Third Party Advisory, VDB Entry
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/131548	Issue Tracking, VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22010595	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102211	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/131548	Issue Tracking, VDB Entry, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	7.5
ibm	maximo_asset_management	7.6
ibm	maximo_asset_management_essentials	7.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management en sus versiones 7.5 y 7.6 podr\u00eda permitir que un atacante remoto lleve a cabo ataques de phishing empleando un ataque de redirecci\u00f3n abierta. Al persuadir a una v\u00edctima para que visite un sitio web especialmente manipulado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para suplantar la URL mostrada y redirigir al usuario a un sitio web malicioso que, a priori, parecer\u00eda de confianza. Esto podr\u00eda permitir que el atacante obtuviese informaci\u00f3n sumamente sensible o que llevase a cabo m\u00e1s ataques contra la v\u00edctima. IBM X-Force ID: 131548."
    }
  ],
  "id": "CVE-2017-1558",
  "lastModified": "2024-11-21T03:22:04.600",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-13T18:29:00.317",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22010595"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102211"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Issue Tracking",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22010595"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102211"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2016-01-03 05:59

Modified

2024-11-21 02:32

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Summary

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password.

References

▼	URL	Tags
	psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21969052	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21969052	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	change_and_configuration_management_database	7.1
ibm	change_and_configuration_management_database	7.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.5
ibm	maximo_asset_management	7.6
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5
ibm	maximo_for_energy_optimization	7.1
ibm	maximo_for_government	7.1
ibm	maximo_for_government	7.5
ibm	maximo_for_life_sciences	7.1
ibm	maximo_for_life_sciences	7.5
ibm	maximo_for_life_sciences	7.6
ibm	maximo_for_nuclear_power	7.1
ibm	maximo_for_nuclear_power	7.5
ibm	maximo_for_oil_and_gas	7.1
ibm	maximo_for_oil_and_gas	7.5
ibm	maximo_for_transportation	7.1
ibm	maximo_for_transportation	7.5
ibm	maximo_for_utilities	7.1
ibm	maximo_for_utilities	7.5
ibm	smartcloud_control_desk	7.5
ibm	smartcloud_control_desk	7.6
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_service_request_manager	7.1
ibm	tivoli_service_request_manager	7.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX005 y 7.6.0 en versiones anteriores a 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 en versiones anteriores a 7.5.0.8 IFIX005, 7.5.1 y 7.6.0 en versiones anteriores a 7.6.0.2 IFIX002 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros ciertos productos permite a usuarios remotos autenticados eludir las restricciones de acceso previstas y llevar a cabo un inicio de sesi\u00f3n introduciendo una contrase\u00f1a caducada."
    }
  ],
  "id": "CVE-2015-5017",
  "lastModified": "2024-11-21T02:32:11.170",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-03T05:59:03.897",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-02-20 12:09

Modified

2024-11-21 01:46

Severity ?

Summary

IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1IV23511
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21625624	Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/80749
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV23511
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21625624	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/80749

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management_essentials	7.5.0.0
ibm	smartcloud_control_desk	7.5.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management v7.5, Maximo Asset Management Essentials v7.5, y v7.5 SmartCloud Control Desk  permite a usuarios remotos autenticados obtener privilegios y eludir las restricciones destinadas a las operaciones de b\u00fasqueda de activos a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2012-6357",
  "lastModified": "2024-11-21T01:46:04.120",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-02-20T12:09:22.583",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23511"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23511"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80749"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-02-20 12:09

Modified

2024-11-21 01:46

Severity ?

Summary

IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21625624	Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/80747
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21625624	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/80747

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	6.2
ibm	maximo_asset_management	6.2.1
ibm	maximo_asset_management	6.2.2
ibm	maximo_asset_management	6.2.3
ibm	maximo_asset_management	6.2.4
ibm	maximo_asset_management	6.2.5
ibm	maximo_asset_management	6.2.6
ibm	maximo_asset_management	6.2.6.1
ibm	maximo_asset_management	6.2.7
ibm	maximo_asset_management	6.2.8
ibm	maximo_asset_management	7.1.1
ibm	maximo_asset_management	7.1.1.1
ibm	maximo_asset_management	7.1.1.2
ibm	maximo_asset_management	7.1.1.5
ibm	maximo_asset_management	7.1.1.6
ibm	maximo_asset_management	7.1.1.7
ibm	maximo_asset_management	7.1.1.8
ibm	maximo_asset_management	7.1.1.9
ibm	maximo_asset_management	7.1.1.10
ibm	maximo_asset_management	7.1.1.11
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management_essentials	6.2.0.0
ibm	maximo_asset_management_essentials	7.5.0.0
ibm	tivoli_asset_management_for_it	6.0
ibm	tivoli_asset_management_for_it	6.2
ibm	tivoli_asset_management_for_it	7.0
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_service_request_manager	7.1.0
ibm	tivoli_service_request_manager	7.1.0.0
ibm	tivoli_service_request_manager	7.2.0.0
ibm	maximo_service_desk	6.2
ibm	change_and_configuration_management_database	7.1.
ibm	change_and_configuration_management_database	7.2.0
ibm	smartcloud_control_desk	7.5.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.:*:*:*:*:*:*:*",
              "matchCriteriaId": "13CD271A-72E0-4730-A936-87B5122D9E3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2446CA6E-D316-4239-8FDC-436643EB35EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 6.2 a 7.5, Maximo Asset Management Essentials 6.2 a 7.5, Tivoli Asset Management for IT 6.2 a 7.2, Tivoli Service Request 7,1 y 7,2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, y SmartCloud Control Desk 7.5, permiten a usuarios remotos autenticados obtener privilegios a trav\u00e9s de vectores relacionados con una orden de trabajo."
    }
  ],
  "id": "CVE-2012-6355",
  "lastModified": "2024-11-21T01:46:03.880",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-02-20T12:09:22.473",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80747"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80747"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-10-04 02:59

Modified

2024-11-21 02:26

Severity ?

Summary

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

References

▼	URL	Tags
	psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21965080	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21965080	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	change_and_configuration_management_database	7.1
ibm	change_and_configuration_management_database	7.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.1.1
ibm	maximo_asset_management	7.1.1.1
ibm	maximo_asset_management	7.1.1.2
ibm	maximo_asset_management	7.1.1.5
ibm	maximo_asset_management	7.1.1.6
ibm	maximo_asset_management	7.1.1.7
ibm	maximo_asset_management	7.1.1.8
ibm	maximo_asset_management	7.1.1.9
ibm	maximo_asset_management	7.1.1.10
ibm	maximo_asset_management	7.1.1.11
ibm	maximo_asset_management	7.1.1.12
ibm	maximo_asset_management	7.1.1.13
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management	7.5.0.1
ibm	maximo_asset_management	7.5.0.2
ibm	maximo_asset_management	7.5.0.3
ibm	maximo_asset_management	7.5.0.4
ibm	maximo_asset_management	7.5.0.5
ibm	maximo_asset_management	7.5.0.6
ibm	maximo_asset_management	7.5.0.7
ibm	maximo_asset_management	7.5.0.8
ibm	maximo_asset_management	7.6.0.0
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5
ibm	maximo_for_energy_optimization	7.1
ibm	maximo_for_government	7.1
ibm	maximo_for_government	7.5.0.0
ibm	maximo_for_government	7.5.0.1
ibm	maximo_for_government	7.5.0.2
ibm	maximo_for_government	7.5.0.3
ibm	maximo_for_government	7.5.0.4
ibm	maximo_for_government	7.5.0.5
ibm	maximo_for_government	7.5.0.6
ibm	maximo_for_life_sciences	7.1
ibm	maximo_for_life_sciences	7.5.0.0
ibm	maximo_for_life_sciences	7.5.0.1
ibm	maximo_for_life_sciences	7.5.0.2
ibm	maximo_for_life_sciences	7.5.0.3
ibm	maximo_for_life_sciences	7.5.0.4
ibm	maximo_for_life_sciences	7.5.0.5
ibm	maximo_for_life_sciences	7.5.0.6
ibm	maximo_for_nuclear_power	7.1
ibm	maximo_for_nuclear_power	7.5.0.0
ibm	maximo_for_nuclear_power	7.5.0.1
ibm	maximo_for_nuclear_power	7.5.0.2
ibm	maximo_for_nuclear_power	7.5.0.3
ibm	maximo_for_nuclear_power	7.5.0.4
ibm	maximo_for_nuclear_power	7.5.0.5
ibm	maximo_for_nuclear_power	7.5.0.6
ibm	maximo_for_oil_and_gas	7.1
ibm	maximo_for_oil_and_gas	7.5.0.0
ibm	maximo_for_oil_and_gas	7.5.0.1
ibm	maximo_for_oil_and_gas	7.5.0.2
ibm	maximo_for_oil_and_gas	7.5.0.3
ibm	maximo_for_oil_and_gas	7.5.0.4
ibm	maximo_for_oil_and_gas	7.5.0.5
ibm	maximo_for_oil_and_gas	7.5.0.6
ibm	maximo_for_transportation	7.1
ibm	maximo_for_transportation	7.5.0.0
ibm	maximo_for_transportation	7.5.0.1
ibm	maximo_for_transportation	7.5.0.2
ibm	maximo_for_transportation	7.5.0.3
ibm	maximo_for_transportation	7.5.0.4
ibm	maximo_for_transportation	7.5.0.5
ibm	maximo_for_transportation	7.5.0.6
ibm	maximo_for_utilities	7.1
ibm	maximo_for_utilities	7.5.0.0
ibm	maximo_for_utilities	7.5.0.1
ibm	maximo_for_utilities	7.5.0.2
ibm	maximo_for_utilities	7.5.0.3
ibm	maximo_for_utilities	7.5.0.4
ibm	maximo_for_utilities	7.5.0.5
ibm	maximo_for_utilities	7.5.0.6
ibm	smartcloud_control_desk	7.5
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_service_request_manager	7.1.0
ibm	tivoli_service_request_manager	7.2.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX001 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x en versiones anteriores a 7.5.0.8 IFIX001 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros ciertos productos no tienen un atributo off autocomplete para el campo password, lo que facilita a atacantes remotos obtener acceso aprovechando una estaci\u00f3n de trabajo desatendida."
    }
  ],
  "evaluatorComment": "Per http://www-01.ibm.com/support/docview.wss?uid=swg21965080:\n\" This vulnerability could allow a local attacker to obtain account access.\"",
  "id": "CVE-2015-1933",
  "lastModified": "2024-11-21T02:26:25.960",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-10-04T02:59:00.097",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2016-01-27 05:59

Modified

2024-11-21 02:36

Severity ?

4.1 (Medium) - CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files.

References

▼	URL	Tags
	psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21974537	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21974537	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	change_and_configuration_management_database	7.1
ibm	change_and_configuration_management_database	7.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.1.1
ibm	maximo_asset_management	7.1.1.1
ibm	maximo_asset_management	7.1.1.2
ibm	maximo_asset_management	7.1.1.5
ibm	maximo_asset_management	7.1.1.6
ibm	maximo_asset_management	7.1.1.7
ibm	maximo_asset_management	7.1.1.8
ibm	maximo_asset_management	7.1.1.9
ibm	maximo_asset_management	7.1.1.10
ibm	maximo_asset_management	7.1.1.11
ibm	maximo_asset_management	7.1.1.12
ibm	maximo_asset_management	7.1.1.13
ibm	maximo_asset_management	7.5
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management	7.5.0.1
ibm	maximo_asset_management	7.5.0.2
ibm	maximo_asset_management	7.5.0.3
ibm	maximo_asset_management	7.5.0.4
ibm	maximo_asset_management	7.5.0.5
ibm	maximo_asset_management	7.5.0.6
ibm	maximo_asset_management	7.5.0.7
ibm	maximo_asset_management	7.5.0.8
ibm	maximo_asset_management	7.5.0.9
ibm	maximo_asset_management	7.6
ibm	maximo_asset_management	7.6.0.0
ibm	maximo_asset_management	7.6.0.1
ibm	maximo_asset_management	7.6.0.2
ibm	maximo_asset_management	7.6.0.3
ibm	maximo_asset_management_essentials	7.5.0.0
ibm	maximo_asset_management_essentials	7.5.0.1
ibm	maximo_asset_management_essentials	7.5.0.2
ibm	maximo_asset_management_essentials	7.5.0.3
ibm	maximo_asset_management_essentials	7.5.0.4
ibm	maximo_asset_management_essentials	7.5.0.5
ibm	maximo_asset_management_essentials	7.5.0.6
ibm	maximo_asset_management_essentials	7.5.0.7
ibm	maximo_asset_management_essentials	7.5.0.8
ibm	maximo_for_energy_optimization	7.1
ibm	maximo_for_government	7.1
ibm	maximo_for_government	7.5
ibm	maximo_for_life_sciences	7.1
ibm	maximo_for_life_sciences	7.5
ibm	maximo_for_nuclear_power	7.1
ibm	maximo_for_nuclear_power	7.5
ibm	maximo_for_oil_and_gas	7.1
ibm	maximo_for_oil_and_gas	7.5
ibm	maximo_for_transportation	7.1
ibm	maximo_for_transportation	7.5
ibm	maximo_for_utilities	7.1
ibm	maximo_for_utilities	7.5
ibm	smartcloud_control_desk	7.5.1.0
ibm	smartcloud_control_desk	7.6
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_service_request_manager	7.1.0
ibm	tivoli_service_request_manager	7.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C47DB9B3-C8CD-45E9-9F53-617354F3A339",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7038EBF6-E527-492B-A6A5-14F9A2F79BDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7197C12C-5CD7-4F7D-8B38-F792FAABC1FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EE096D4-40A8-4FD8-905C-3B13476BF748",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E369397-1BC9-42E3-94AB-1CDB01D4838C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.9 IFIX002 y 7.6.0 en versiones anteriores a 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 en versiones anteriores a 7.5.0.9 IFIX002, 7.5.1 y 7.6.0 en versiones anteriores a 7.6.0.3 IFIX001 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros ciertos productos permiten a usuarios locales obtener informaci\u00f3n sensible aprovechando privilegios administrativos y leyendo archivos de registro."
    }
  ],
  "id": "CVE-2015-7487",
  "lastModified": "2024-11-21T02:36:51.760",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-27T05:59:01.260",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974537"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974537"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2016-01-02 21:59

Modified

2024-11-21 02:36

Severity ?

4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API.

References

▼	URL	Tags
	psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21972463	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21972463	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	7.5
ibm	maximo_asset_management	7.6
ibm	maximo_asset_management_essentials	7.5
ibm	maximo_for_government	7.5
ibm	maximo_for_life_sciences	7.5
ibm	maximo_for_life_sciences	7.6
ibm	maximo_for_nuclear_power	7.5
ibm	maximo_for_oil_and_gas	7.5
ibm	maximo_for_transportation	7.5
ibm	maximo_for_utilities	7.5
ibm	smartcloud_control_desk	7.5
ibm	smartcloud_control_desk	7.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.9 FP9 y 7.6 en versiones anteriores a 7.6.0.3 FP3 y Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.9 FP9, 7.5.1 y 7.6 en versiones anteriores a 7.6.0.3 FP3 para SmartCloud Control Desk permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de la API REST."
    }
  ],
  "id": "CVE-2015-7452",
  "lastModified": "2024-11-21T02:36:48.987",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-02T21:59:16.927",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972463"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-02-20 12:09

Modified

2024-11-21 01:40

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21625624	Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/77918
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21625624	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/77918

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	6.2
ibm	maximo_asset_management	6.2.1
ibm	maximo_asset_management	6.2.2
ibm	maximo_asset_management	6.2.3
ibm	maximo_asset_management	6.2.4
ibm	maximo_asset_management	6.2.5
ibm	maximo_asset_management	6.2.6
ibm	maximo_asset_management	6.2.6.1
ibm	maximo_asset_management	6.2.7
ibm	maximo_asset_management	6.2.8
ibm	maximo_asset_management	7.1.1
ibm	maximo_asset_management	7.1.1.1
ibm	maximo_asset_management	7.1.1.2
ibm	maximo_asset_management	7.1.1.5
ibm	maximo_asset_management	7.1.1.6
ibm	maximo_asset_management	7.1.1.7
ibm	maximo_asset_management	7.1.1.8
ibm	maximo_asset_management	7.1.1.9
ibm	maximo_asset_management	7.1.1.10
ibm	maximo_asset_management	7.1.1.11
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management_essentials	6.2.0.0
ibm	maximo_asset_management_essentials	7.5.0.0
ibm	tivoli_asset_management_for_it	6.0
ibm	tivoli_asset_management_for_it	6.2
ibm	tivoli_asset_management_for_it	7.0
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_service_request_manager	7.1.0
ibm	tivoli_service_request_manager	7.1.0.0
ibm	tivoli_service_request_manager	7.2.0.0
ibm	maximo_service_desk	6.2
ibm	change_and_configuration_management_database	7.1.
ibm	change_and_configuration_management_database	7.2.0
ibm	smartcloud_control_desk	7.5.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B69712-B405-43F4-B6E9-BC1C232A36E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.:*:*:*:*:*:*:*",
              "matchCriteriaId": "13CD271A-72E0-4730-A936-87B5122D9E3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2446CA6E-D316-4239-8FDC-436643EB35EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad XSS en IBM Maximo Asset Management v6.2 a la v7.5, Maximo Asset Management Essentials v6.2 a la v7.5, Tivoli Asset Management para IT v6.2 a la v7.2, Tivoli Service Request Manager v7.1 y v7.2, Maximo Service Desk v6.2, Change y Configuration Management Database (CCMDB) v7.1 y v7.2, y SmartCloud Control Desk v7.5, permite a usuarios autenticados remotamente, inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores relacionados con el \"display name\"."
    }
  ],
  "id": "CVE-2012-3322",
  "lastModified": "2024-11-21T01:40:38.473",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-02-20T12:09:21.943",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77918"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77918"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-10-06 01:59

Modified

2024-11-21 02:32

Severity ?

Summary

SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

References

▼	URL	Tags
	psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21966181	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21966181	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	change_and_configuration_management_database	7.1
ibm	change_and_configuration_management_database	7.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.1.1
ibm	maximo_asset_management	7.1.1.1
ibm	maximo_asset_management	7.1.1.2
ibm	maximo_asset_management	7.1.1.5
ibm	maximo_asset_management	7.1.1.6
ibm	maximo_asset_management	7.1.1.7
ibm	maximo_asset_management	7.1.1.8
ibm	maximo_asset_management	7.1.1.9
ibm	maximo_asset_management	7.1.1.10
ibm	maximo_asset_management	7.1.1.11
ibm	maximo_asset_management	7.1.1.12
ibm	maximo_asset_management	7.1.1.13
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management	7.5.0.1
ibm	maximo_asset_management	7.5.0.2
ibm	maximo_asset_management	7.5.0.3
ibm	maximo_asset_management	7.5.0.4
ibm	maximo_asset_management	7.5.0.5
ibm	maximo_asset_management	7.5.0.6
ibm	maximo_asset_management	7.5.0.7
ibm	maximo_asset_management	7.5.0.8
ibm	maximo_asset_management	7.6.0.0
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5
ibm	maximo_for_energy_optimization	7.1
ibm	maximo_for_government	7.1
ibm	maximo_for_government	7.5.0.0
ibm	maximo_for_government	7.5.0.1
ibm	maximo_for_government	7.5.0.2
ibm	maximo_for_government	7.5.0.3
ibm	maximo_for_government	7.5.0.4
ibm	maximo_for_government	7.5.0.5
ibm	maximo_for_government	7.5.0.6
ibm	maximo_for_life_sciences	7.1
ibm	maximo_for_life_sciences	7.5.0.0
ibm	maximo_for_life_sciences	7.5.0.1
ibm	maximo_for_life_sciences	7.5.0.2
ibm	maximo_for_life_sciences	7.5.0.3
ibm	maximo_for_life_sciences	7.5.0.4
ibm	maximo_for_life_sciences	7.5.0.5
ibm	maximo_for_life_sciences	7.5.0.6
ibm	maximo_for_nuclear_power	7.1
ibm	maximo_for_nuclear_power	7.5.0.0
ibm	maximo_for_nuclear_power	7.5.0.1
ibm	maximo_for_nuclear_power	7.5.0.2
ibm	maximo_for_nuclear_power	7.5.0.3
ibm	maximo_for_nuclear_power	7.5.0.4
ibm	maximo_for_nuclear_power	7.5.0.5
ibm	maximo_for_nuclear_power	7.5.0.6
ibm	maximo_for_oil_and_gas	7.1
ibm	maximo_for_oil_and_gas	7.5.0.0
ibm	maximo_for_oil_and_gas	7.5.0.1
ibm	maximo_for_oil_and_gas	7.5.0.2
ibm	maximo_for_oil_and_gas	7.5.0.3
ibm	maximo_for_oil_and_gas	7.5.0.4
ibm	maximo_for_oil_and_gas	7.5.0.5
ibm	maximo_for_oil_and_gas	7.5.0.6
ibm	maximo_for_transportation	7.1
ibm	maximo_for_transportation	7.5.0.0
ibm	maximo_for_transportation	7.5.0.1
ibm	maximo_for_transportation	7.5.0.2
ibm	maximo_for_transportation	7.5.0.3
ibm	maximo_for_transportation	7.5.0.4
ibm	maximo_for_transportation	7.5.0.5
ibm	maximo_for_transportation	7.5.0.6
ibm	maximo_for_utilities	7.1
ibm	maximo_for_utilities	7.5.0.0
ibm	maximo_for_utilities	7.5.0.1
ibm	maximo_for_utilities	7.5.0.2
ibm	maximo_for_utilities	7.5.0.3
ibm	maximo_for_utilities	7.5.0.4
ibm	maximo_for_utilities	7.5.0.5
ibm	maximo_for_utilities	7.5.0.6
ibm	smartcloud_control_desk	7.5
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_service_request_manager	7.1.0
ibm	tivoli_service_request_manager	7.2.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX004 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x en versiones anteriores a 7.5.0.8 IFIX004 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX002 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management para IT y otros ciertos productos permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-4967",
  "lastModified": "2024-11-21T02:32:07.253",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-10-06T01:59:12.640",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966181"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-02-14 15:29

Modified

2024-11-21 03:21

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22012781	Patch, Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/129106	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22012781	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/129106	VDB Entry, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management	7.6.0.0
ibm	maximo_asset_management_essentials	7.5.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management versiones 7.5 y 7.6 podr\u00eda permitir que un atacante remoto incluya archivos arbitrarios y, como consecuencia, ejecute c\u00f3digo en el servidor Web vulnerable. IBM X-Force ID: 129106."
    }
  ],
  "id": "CVE-2017-1499",
  "lastModified": "2024-11-21T03:21:58.850",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-14T15:29:00.207",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22012781"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22012781"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-02-17 01:59

Modified

2024-11-21 02:13

Severity ?

Summary

Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21694035	Patch, Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/98605
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21694035	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/98605

Impacted products

Vendor	Product	Version
ibm	change_and_configuration_management_database	7.1
ibm	change_and_configuration_management_database	7.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.1.1
ibm	maximo_asset_management	7.1.1.1
ibm	maximo_asset_management	7.1.1.2
ibm	maximo_asset_management	7.1.1.5
ibm	maximo_asset_management	7.1.1.6
ibm	maximo_asset_management	7.1.1.7
ibm	maximo_asset_management	7.1.1.8
ibm	maximo_asset_management	7.1.1.9
ibm	maximo_asset_management	7.1.1.10
ibm	maximo_asset_management	7.1.1.11
ibm	maximo_asset_management	7.1.1.12
ibm	maximo_asset_management	7.1.1.13
ibm	maximo_asset_management	7.1.2
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management	7.5.0.1
ibm	maximo_asset_management	7.5.0.2
ibm	maximo_asset_management	7.5.0.3
ibm	maximo_asset_management	7.5.0.4
ibm	maximo_asset_management	7.5.0.5
ibm	maximo_asset_management	7.5.0.6
ibm	maximo_asset_management	7.5.0.10
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5.0.0
ibm	maximo_for_government	7.1
ibm	maximo_for_government	7.5.0.0
ibm	maximo_for_life_sciences	7.1
ibm	maximo_for_life_sciences	7.5.0.0
ibm	maximo_for_nuclear_power	7.1
ibm	maximo_for_nuclear_power	7.5.0.0
ibm	maximo_for_oil_and_gas	7.1
ibm	maximo_for_oil_and_gas	7.5.0.0
ibm	maximo_for_transportation	7.1
ibm	maximo_for_transportation	7.5.0.0
ibm	maximo_for_utilities	7.1
ibm	maximo_for_utilities	7.5.0.0
ibm	smartcloud_control_desk	7.5.0.1
ibm	smartcloud_control_desk	7.5.0.2
ibm	smartcloud_control_desk	7.5.0.3
ibm	smartcloud_control_desk	7.5.0.5
ibm	smartcloud_control_desk	7.5.1.0
ibm	smartcloud_control_desk	7.5.1.1
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_service_request_manager	7.1
ibm	tivoli_service_request_manager	7.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "397FB717-6568-4037-8D7F-D31CF18E0782",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en un formulario web no especificado en IBM Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.5.0 anterior a 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, y Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos permite a usuarios remotos autenticados leer ficheros arbitrarios a trav\u00e9s de un .. (punto punto) en un nombre de ruta."
    }
  ],
  "id": "CVE-2014-6194",
  "lastModified": "2024-11-21T02:13:57.083",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-02-17T01:59:01.317",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694035"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98605"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-06-07 17:29

Modified

2024-11-21 03:02

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22003981	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/98786	Third Party Advisory, VDB Entry
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/120253	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22003981	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/98786	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/120253	VDB Entry, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.5
ibm	maximo_asset_management	7.6
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user\u0027s session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user\u0027s session. IBM X-Force ID: 120253."
    },
    {
      "lang": "es",
      "value": "Maximo Asset Management versiones 7.1, 7.5 y 7.6 de IBM, podr\u00eda permitir a un atacante remoto secuestrar la sesi\u00f3n de usuario, causado por un fallo para invalidar un identificador de sesi\u00f3n existente. Un atacante podr\u00eda explotar esta vulnerabilidad para conseguir acceso a la sesi\u00f3n de otro usuario. ID de IBM X-Force: 120253."
    }
  ],
  "id": "CVE-2016-9977",
  "lastModified": "2024-11-21T03:02:06.920",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-07T17:29:00.677",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22003981"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98786"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22003981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98786"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-05-26 16:29

Modified

2024-11-21 03:21

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153.

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg22003414	Patch, Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/125153	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg22003414	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/125153	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	7.5
ibm	maximo_asset_management	7.6
ibm	maximo_asset_management_essentials	7.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153."
    },
    {
      "lang": "es",
      "value": "Las versiones 7.5 y 7.6 de IBM Maximo Asset Management generan mensajes de error que podr\u00edan revelar informaci\u00f3n sensible para futuros ataques contra el sistema. IBM X-Force ID: 125153."
    }
  ],
  "id": "CVE-2017-1292",
  "lastModified": "2024-11-21T03:21:39.047",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-26T16:29:00.210",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22003414"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22003414"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125153"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-03-13 03:12

Modified

2024-11-21 01:26

Severity ?

Summary

Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/48299
cve@mitre.org	http://secunia.com/advisories/48305
cve@mitre.org	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193
cve@mitre.org	http://www.ibm.com/support/docview.wss?uid=swg21584666	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/52333
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/72000
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48299
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48305
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21584666	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52333
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/72000

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	6.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.5
ibm	maximo_asset_management_essentials	6.2
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5
ibm	tivoli_asset_management_for_it	6.2
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	trivoli_service_request_manager	7.1
ibm	trivoli_service_request_manager	7.2
ibm	maximo_service_desk	6.2
ibm	tivoli_change_and_configuration_management_database	6.2
ibm	tivoli_change_and_configuration_management_database	7.1
ibm	tivoli_change_and_configuration_management_database	7.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5878EF6C-4C54-4BFB-A58A-DBBB96664E8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68FF0043-7A28-4ECB-9888-6FB057A766B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33DD3C44-B7B9-4FFF-8445-7C2C084F7DCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D4D3BE7-A7F0-431D-BB07-28DC94E8590F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A53DB8A-5966-4D70-A254-C098DB12B0B3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en la p\u00e1gina \"Labor Reporting\" de IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, y 7.2; IBM Tivoli Service Request Manager 7.1 y 7.2; IBM Maximo Service Desk 6.2; y IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, y 7.2 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios."
    }
  ],
  "id": "CVE-2011-1397",
  "lastModified": "2024-11-21T01:26:13.253",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-03-13T03:12:25.993",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/48299"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/48305"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/52333"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48299"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48305"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52333"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72000"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2016-03-12 15:59

Modified

2024-11-21 02:36

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Summary

SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

References

▼	URL	Tags
	psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21974938	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21974938	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	change_and_configuration_management_database	7.1
ibm	change_and_configuration_management_database	7.1.1
ibm	change_and_configuration_management_database	7.1.1.2
ibm	change_and_configuration_management_database	7.1.1.3
ibm	change_and_configuration_management_database	7.1.1.4
ibm	change_and_configuration_management_database	7.1.1.5
ibm	change_and_configuration_management_database	7.1.1.6
ibm	change_and_configuration_management_database	7.2
ibm	change_and_configuration_management_database	7.2.0.1
ibm	change_and_configuration_management_database	7.2.0.2
ibm	change_and_configuration_management_database	7.2.1
ibm	change_and_configuration_management_database	7.2.1.1
ibm	change_and_configuration_management_database	7.2.1.2
ibm	change_and_configuration_management_database	7.2.1.3
ibm	change_and_configuration_management_database	7.2.1.4
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.1.1
ibm	maximo_asset_management	7.1.1.1
ibm	maximo_asset_management	7.1.1.2
ibm	maximo_asset_management	7.1.1.5
ibm	maximo_asset_management	7.1.1.6
ibm	maximo_asset_management	7.1.1.7
ibm	maximo_asset_management	7.1.1.8
ibm	maximo_asset_management	7.1.1.9
ibm	maximo_asset_management	7.1.1.10
ibm	maximo_asset_management	7.1.1.11
ibm	maximo_asset_management	7.1.1.12
ibm	maximo_asset_management	7.1.1.13
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management	7.5.0.1
ibm	maximo_asset_management	7.5.0.2
ibm	maximo_asset_management	7.5.0.3
ibm	maximo_asset_management	7.5.0.4
ibm	maximo_asset_management	7.5.0.5
ibm	maximo_asset_management	7.5.0.6
ibm	maximo_asset_management	7.5.0.7
ibm	maximo_asset_management	7.5.0.8
ibm	maximo_asset_management	7.5.0.9
ibm	maximo_asset_management	7.6.0.0
ibm	maximo_asset_management	7.6.0.1
ibm	maximo_asset_management	7.6.0.2
ibm	maximo_asset_management	7.6.0.3
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5
ibm	maximo_asset_management_essentials	7.5.0.0
ibm	maximo_asset_management_essentials	7.5.0.1
ibm	maximo_asset_management_essentials	7.5.0.2
ibm	maximo_asset_management_essentials	7.5.0.3
ibm	maximo_asset_management_essentials	7.5.0.4
ibm	maximo_asset_management_essentials	7.5.0.5
ibm	maximo_asset_management_essentials	7.5.0.6
ibm	maximo_asset_management_essentials	7.5.0.7
ibm	maximo_asset_management_essentials	7.5.0.8
ibm	maximo_asset_management_essentials	7.5.0.9
ibm	maximo_for_energy_optimization	7.1
ibm	maximo_for_government	7.1
ibm	maximo_for_government	7.1.1
ibm	maximo_for_government	7.5
ibm	maximo_for_life_sciences	7.1
ibm	maximo_for_life_sciences	7.5
ibm	maximo_for_life_sciences	7.6
ibm	maximo_for_nuclear_power	7.1
ibm	maximo_for_nuclear_power	7.1.1
ibm	maximo_for_nuclear_power	7.5
ibm	maximo_for_nuclear_power	7.5.0.1
ibm	maximo_for_nuclear_power	7.5.1
ibm	maximo_for_oil_and_gas	7.1
ibm	maximo_for_oil_and_gas	7.1.0.1
ibm	maximo_for_oil_and_gas	7.1.1.0
ibm	maximo_for_oil_and_gas	7.1.2
ibm	maximo_for_oil_and_gas	7.5
ibm	maximo_for_oil_and_gas	7.5.1
ibm	maximo_for_transportation	7.1
ibm	maximo_for_transportation	7.1.0.1
ibm	maximo_for_transportation	7.1.1
ibm	maximo_for_transportation	7.1.1.1
ibm	maximo_for_transportation	7.5.0.0
ibm	maximo_for_transportation	7.5.1.0
ibm	maximo_for_transportation	7.6.0.0
ibm	maximo_for_utilities	7.1
ibm	maximo_for_utilities	7.1.1
ibm	maximo_for_utilities	7.1.2
ibm	maximo_for_utilities	7.5
ibm	maximo_for_utilities	7.5.0.1
ibm	smartcloud_control_desk	7.5
ibm	smartcloud_control_desk	7.5.0.1
ibm	smartcloud_control_desk	7.5.0.2
ibm	smartcloud_control_desk	7.5.0.3
ibm	smartcloud_control_desk	7.5.1.0
ibm	smartcloud_control_desk	7.5.1.1
ibm	smartcloud_control_desk	7.5.1.2
ibm	smartcloud_control_desk	7.5.1.3
ibm	smartcloud_control_desk	7.5.3
ibm	smartcloud_control_desk	7.5.3.1
ibm	smartcloud_control_desk	7.6
ibm	smartcloud_control_desk	7.6.0.1
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_asset_management_for_it	7.2.0.1
ibm	tivoli_asset_management_for_it	7.2.1.0
ibm	tivoli_asset_management_for_it	7.2.1.2
ibm	tivoli_asset_management_for_it	7.2.2
ibm	tivoli_asset_management_for_it	7.2.2.1
ibm	tivoli_asset_management_for_it	7.2.2.2
ibm	tivoli_service_request_manager	7.1.0
ibm	tivoli_service_request_manager	7.1.0.1
ibm	tivoli_service_request_manager	7.1.0.2
ibm	tivoli_service_request_manager	7.1.0.3
ibm	tivoli_service_request_manager	7.1.0.4
ibm	tivoli_service_request_manager	7.1.0.5
ibm	tivoli_service_request_manager	7.2
ibm	tivoli_service_request_manager	7.2.0.1
ibm	tivoli_service_request_manager	7.2.1.0
ibm	tivoli_service_request_manager	7.2.1.1
ibm	tivoli_service_request_manager	7.2.1.2
ibm	tivoli_service_request_manager	7.2.1.3
ibm	tivoli_service_request_manager	7.2.1.4
ibm	tivoli_service_request_manager	7.2.1.5
ibm	tivoli_service_request_manager	7.2.1.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CC8BE0-5DFD-4D51-8C14-333596151E54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "59D13A5E-AC99-4632-8987-2C1CC3AC9376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0C5995-8850-4AFE-9008-8ED3DE17E2F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "92B6F032-D50D-43C3-ADF2-C67FAD74A58D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3C5BFF2-8361-485D-9DE5-80323EFAFFB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E8194D6-55CE-4760-8F27-4990FFA32F54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "29A7E369-EBBD-4456-AE47-712CB273F40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4B91AA-C45B-42F8-A7AC-D64DE66B5AA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "69D30DA9-2096-421C-AEE3-EA83D2AA5996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F13CF56-5007-413D-A936-B3667E0051D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "019C8B6D-0669-447E-9EB3-F6A9B42797FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9956DF3-70A3-49CD-9145-B0C880D3DACD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC336DAB-A3DE-48B7-AC32-89F46F21887B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C47DB9B3-C8CD-45E9-9F53-617354F3A339",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7038EBF6-E527-492B-A6A5-14F9A2F79BDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7197C12C-5CD7-4F7D-8B38-F792FAABC1FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EE096D4-40A8-4FD8-905C-3B13476BF748",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E369397-1BC9-42E3-94AB-1CDB01D4838C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "56F90E1F-C0A0-4D6C-A497-9CC3AAF9ECB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DE37A22-D39D-4B80-BD3B-31009824126B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1ECDC62-A636-4DB4-9C1B-B52722631DE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FBE3268-230C-4B1A-B0D9-21B0158EE10F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1297463-A52F-4657-A8D0-366B34C6534E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "926B2AE3-B65D-4A36-8B0D-4B0EB42D99A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "26E20654-F96C-4753-85F3-5D956F433D5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3795A39-8488-4F09-A7B5-600D4F8E7FD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0773CDA-CE18-4717-9C12-8CFD8848EEBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D874CE6A-1885-4EB7-B77E-3D22C208E55B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A2CEE0F-EF29-4D41-8E74-0538CAF9D612",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BA87EC4-0CBB-4173-BA0B-DD633D271442",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6442C6D-E74B-47A0-9701-5461F651976F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F82E2804-9085-45AA-A97E-974CE652DF1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5543E50-0B54-405B-A10A-06A08FF9E0C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBD13DA8-00F5-43CE-BBAE-EB7DE0E46F8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E3DB206-074F-4533-B466-CB73883FA8AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F976949C-D8C6-4567-ADC4-E5C14D0D7C31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54B1037D-F4D1-4CD6-BBD7-6E72EB4A1620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF1F14EE-6B26-427D-8FFB-94EC042C0FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC2697AF-D5A6-470D-9031-8677BBB20EAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5680D2FE-5D9F-4DB6-9D5B-48A425CD7014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "89B0CE60-ABE6-44BA-95BA-13977D244963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "085C1DEF-0B4B-4070-A665-1382AAD04BBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46F0397C-8B0C-49CD-BBB7-F9286EAFD8C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCDD59E9-2CC7-459B-B6C9-9EEFB92FCBAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6FDA27E-6933-4346-9DF3-BD0387192FD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EDBC180-B618-49A3-824F-B4DDF119FD69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "25D37ADF-49A6-4EF6-9B69-5EC83DB54CB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E81B34B0-D451-4B33-8F81-36718998C857",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1F47F9-4D3D-439A-BEE8-F270C9BA7B71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "87F7EA33-B49A-4283-8A00-9B629508143E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2633424C-ACB6-4AE0-AA25-CAE343C88359",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE4D7F1-66CF-466E-8747-68AA3D23E03A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5683C1E-AEF4-40FF-9069-7391C0BEA343",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0EDB633-C4B8-4770-9B16-94F106C639A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2396D4-D367-4811-AD7C-8B8FEE42B008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "92A3FD84-9497-47B7-8B9C-15DEEF5267F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.9 IFIX003 y 7.6.0 en versiones anteriores a 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 en versiones anteriores a 7.5.0.9 IFIX003, 7.5.1 y 7.6.0 en versiones anteriores a 7.6.0.3 IFIX001 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros determinados productos permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-7448",
  "lastModified": "2024-11-21T02:36:48.513",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-03-12T15:59:01.430",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974938"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-12-18 16:04

Modified

2024-11-21 01:57

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21660032	Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/64333
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/87298
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21660032	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/64333
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/87298

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.1.1
ibm	maximo_asset_management	7.1.1.1
ibm	maximo_asset_management	7.1.1.2
ibm	maximo_asset_management	7.1.1.5
ibm	maximo_asset_management	7.1.1.6
ibm	maximo_asset_management	7.1.1.7
ibm	maximo_asset_management	7.1.1.8
ibm	maximo_asset_management	7.1.1.9
ibm	maximo_asset_management	7.1.1.10
ibm	maximo_asset_management	7.1.1.11
ibm	maximo_asset_management	7.1.1.12
ibm	maximo_asset_management	7.1.2
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management	7.5.0.1
ibm	maximo_asset_management	7.5.0.2
ibm	maximo_asset_management	7.5.0.3
ibm	maximo_asset_management	7.5.0.5
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5.0.0
ibm	maximo_asset_management_essentials	7.5.0.1
ibm	maximo_asset_management_essentials	7.5.0.2
ibm	maximo_asset_management_essentials	7.5.0.3
ibm	maximo_asset_management_essentials	7.5.0.4
ibm	maximo_asset_management_essentials	7.5.0.5
ibm	maximo_for_government	7.1
ibm	maximo_for_government	7.5.0.0
ibm	maximo_for_government	7.5.0.1
ibm	maximo_for_government	7.5.0.2
ibm	maximo_for_government	7.5.0.3
ibm	maximo_for_government	7.5.0.4
ibm	maximo_for_government	7.5.0.5
ibm	maximo_for_life_sciences	7.1
ibm	maximo_for_life_sciences	7.5.0.0
ibm	maximo_for_life_sciences	7.5.0.1
ibm	maximo_for_life_sciences	7.5.0.2
ibm	maximo_for_life_sciences	7.5.0.3
ibm	maximo_for_life_sciences	7.5.0.4
ibm	maximo_for_life_sciences	7.5.0.5
ibm	maximo_for_nuclear_power	7.1
ibm	maximo_for_nuclear_power	7.5.0.0
ibm	maximo_for_nuclear_power	7.5.0.1
ibm	maximo_for_nuclear_power	7.5.0.2
ibm	maximo_for_nuclear_power	7.5.0.3
ibm	maximo_for_nuclear_power	7.5.0.4
ibm	maximo_for_nuclear_power	7.5.0.5
ibm	maximo_for_oil_and_gas	7.1
ibm	maximo_for_oil_and_gas	7.5.0.0
ibm	maximo_for_oil_and_gas	7.5.0.1
ibm	maximo_for_oil_and_gas	7.5.0.2
ibm	maximo_for_oil_and_gas	7.5.0.3
ibm	maximo_for_oil_and_gas	7.5.0.4
ibm	maximo_for_oil_and_gas	7.5.0.5
ibm	maximo_for_transportation	7.1
ibm	maximo_for_transportation	7.5.0.0
ibm	maximo_for_transportation	7.5.0.1
ibm	maximo_for_transportation	7.5.0.2
ibm	maximo_for_transportation	7.5.0.3
ibm	maximo_for_transportation	7.5.0.4
ibm	maximo_for_transportation	7.5.0.5
ibm	maximo_for_utilities	7.1
ibm	maximo_for_utilities	7.5.0.0
ibm	maximo_for_utilities	7.5.0.1
ibm	maximo_for_utilities	7.5.0.2
ibm	maximo_for_utilities	7.5.0.3
ibm	maximo_for_utilities	7.5.0.4
ibm	maximo_for_utilities	7.5.0.5
ibm	smartcloud_control_desk	7.5.0.0
ibm	smartcloud_control_desk	7.5.0.1
ibm	smartcloud_control_desk	7.5.0.2
ibm	smartcloud_control_desk	7.5.0.3
ibm	smartcloud_control_desk	7.5.0.5
ibm	change_and_configuration_management_database	7.1.1.12
ibm	change_and_configuration_management_database	7.1.2
ibm	change_and_configuration_management_database	7.2
ibm	change_and_configuration_management_database	7.2.0.1
ibm	tivoli_asset_management_for_it	7.1.1.12
ibm	tivoli_asset_management_for_it	7.1.2
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_asset_management_for_it	7.2.0.1
ibm	tivoli_service_request_manager	7.1.1.12
ibm	tivoli_service_request_manager	7.1.2
ibm	tivoli_service_request_manager	7.2
ibm	tivoli_service_request_manager	7.2.0.1
ibm	tivoli_service_request_manager	7.2.1.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "397FB717-6568-4037-8D7F-D31CF18E0782",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "250FC595-3DB0-4860-9FF1-AC0215A9D3C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E052B5F4-34AD-46CE-836F-43FCD4B5B7BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "29A7E369-EBBD-4456-AE47-712CB273F40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6562F50F-0566-4C82-AE66-36049B220C2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CEE1180-9EC7-4078-B90E-077489E4F586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF1F14EE-6B26-427D-8FFB-94EC042C0FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CC0184C-0593-4C37-AC63-5B09FD21B3B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "477D96BA-18FC-4B02-B0F7-276F93D9A25A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1F47F9-4D3D-439A-BEE8-F270C9BA7B71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "87F7EA33-B49A-4283-8A00-9B629508143E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de cross-site scripting (XSS) en IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, y Maximo for  Utilities 7.1.x a 7.1.1.12, 7.5 anteriores a 7.5.0.3 IFIX014, y 7.5.0.5 anteriores a IFIX003; SmartCloud Control Desk (SCCD) 7.5 anteriores a 7.5.0.3 IFIX014 y 7.5.0.5 anteriores a IFIX003; y Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, y Change y Configuration Management Database (CCMDB) 7.1.x a 7.1.1.12, 7.1.2, y 7.2.x a 7.2.1 permite a usuarios autenticados remotamente inyectar scripts web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2013-5402",
  "lastModified": "2024-11-21T01:57:25.153",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-12-18T16:04:33.553",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660032"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/64333"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87298"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/64333"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87298"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-07-30 11:15

Modified

2024-11-21 02:03

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field.

References

URL	Tags
psirt@us.ibm.com	http://secunia.com/advisories/59570
psirt@us.ibm.com	http://secunia.com/advisories/59640
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21678894	Patch, Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/archive/1/533110/100/0/threaded
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/91884
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59570
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59640
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21678894	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/533110/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/91884

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	6.2
ibm	maximo_asset_management	6.2.1
ibm	maximo_asset_management	6.2.2
ibm	maximo_asset_management	6.2.3
ibm	maximo_asset_management	6.2.4
ibm	maximo_asset_management	6.2.5
ibm	maximo_asset_management	6.2.6
ibm	maximo_asset_management	6.2.6.1
ibm	maximo_asset_management	6.2.7
ibm	maximo_asset_management	6.2.8
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.1.1
ibm	maximo_asset_management	7.1.1.1
ibm	maximo_asset_management	7.1.1.2
ibm	maximo_asset_management	7.1.1.5
ibm	maximo_asset_management	7.1.1.6
ibm	maximo_asset_management	7.1.1.7
ibm	maximo_asset_management	7.1.1.8
ibm	maximo_asset_management	7.1.1.9
ibm	maximo_asset_management	7.1.1.10
ibm	maximo_asset_management	7.1.1.11
ibm	maximo_asset_management	7.1.1.12
ibm	maximo_asset_management	7.1.2
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management	7.5.0.1
ibm	maximo_asset_management	7.5.0.2
ibm	maximo_asset_management	7.5.0.3
ibm	maximo_asset_management	7.5.0.4
ibm	maximo_asset_management	7.5.0.5
ibm	maximo_asset_management	7.5.0.6
ibm	maximo_asset_management	7.5.0.10
ibm	maximo_asset_management_essentials	*
ibm	maximo_asset_management_essentials	6.2.0.0
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5.0.0
ibm	maximo_asset_management_essentials	7.5.0.1
ibm	maximo_asset_management_essentials	7.5.0.2
ibm	maximo_asset_management_essentials	7.5.0.3
ibm	maximo_asset_management_essentials	7.5.0.4
ibm	maximo_asset_management_essentials	7.5.0.5
ibm	maximo_for_government	*
ibm	maximo_for_government	7.1
ibm	maximo_for_government	7.5.0.0
ibm	maximo_for_government	7.5.0.1
ibm	maximo_for_government	7.5.0.2
ibm	maximo_for_government	7.5.0.3
ibm	maximo_for_government	7.5.0.4
ibm	maximo_for_government	7.5.0.5
ibm	maximo_for_life_sciences	*
ibm	maximo_for_life_sciences	7.1
ibm	maximo_for_life_sciences	7.5.0.0
ibm	maximo_for_life_sciences	7.5.0.1
ibm	maximo_for_life_sciences	7.5.0.2
ibm	maximo_for_life_sciences	7.5.0.3
ibm	maximo_for_life_sciences	7.5.0.4
ibm	maximo_for_life_sciences	7.5.0.5
ibm	maximo_for_nuclear_power	*
ibm	maximo_for_nuclear_power	7.1
ibm	maximo_for_nuclear_power	7.5.0.0
ibm	maximo_for_nuclear_power	7.5.0.1
ibm	maximo_for_nuclear_power	7.5.0.2
ibm	maximo_for_nuclear_power	7.5.0.3
ibm	maximo_for_nuclear_power	7.5.0.4
ibm	maximo_for_nuclear_power	7.5.0.5
ibm	maximo_for_oil_and_gas	*
ibm	maximo_for_oil_and_gas	7.1
ibm	maximo_for_oil_and_gas	7.5.0.0
ibm	maximo_for_oil_and_gas	7.5.0.1
ibm	maximo_for_oil_and_gas	7.5.0.2
ibm	maximo_for_oil_and_gas	7.5.0.3
ibm	maximo_for_oil_and_gas	7.5.0.4
ibm	maximo_for_oil_and_gas	7.5.0.5
ibm	maximo_for_transportation	*
ibm	maximo_for_transportation	7.1
ibm	maximo_for_transportation	7.5.0.0
ibm	maximo_for_transportation	7.5.0.1
ibm	maximo_for_transportation	7.5.0.2
ibm	maximo_for_transportation	7.5.0.3
ibm	maximo_for_transportation	7.5.0.4
ibm	maximo_for_transportation	7.5.0.5
ibm	maximo_for_utilities	*
ibm	maximo_for_utilities	7.1
ibm	maximo_for_utilities	7.5.0.0
ibm	maximo_for_utilities	7.5.0.1
ibm	maximo_for_utilities	7.5.0.2
ibm	maximo_for_utilities	7.5.0.3
ibm	maximo_for_utilities	7.5.0.4
ibm	maximo_for_utilities	7.5.0.5
ibm	maximo_service_desk	*
ibm	smartcloud_control_desk	*
ibm	smartcloud_control_desk	7.5
ibm	smartcloud_control_desk	7.5.0.0
ibm	smartcloud_control_desk	7.5.0.1
ibm	smartcloud_control_desk	7.5.0.2
ibm	smartcloud_control_desk	7.5.0.3
ibm	smartcloud_control_desk	7.5.1.0
ibm	smartcloud_control_desk	7.5.1.1
ibm	smartcloud_control_desk	7.5.1.2
ibm	tivoli_it_asset_management_for_it	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F456DA-8995-43E2-91A0-B20B070F26A0",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "106F6572-D362-4040-A878-67B2ACCEA161",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "084AF336-B44B-4B4C-86AB-82197C9410D1",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF5E8225-885D-4FB8-9706-97D559DDF4CF",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "271DF14A-0466-4ACF-B4CE-A5AAC7E0F9A5",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F350C06-CF48-43FE-BDB3-1F1E31332E25",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A202F4B-6814-4F85-837C-1655D316ADC0",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "882C1071-A3C3-4CD6-905B-9D8E32A37120",
              "versionEndIncluding": "6.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEA6D104-64DA-47CE-A0CB-589C93A0B3DC",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A204032-17C7-4617-AB29-589903A2B9C3",
              "versionEndIncluding": "6.2.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en IBM Maximo Asset Management 6.2 hasta 6.2.8, 6.x y 7.1 hasta 7.1.1.2 y 7.5 hasta 7.5.0.6; Maximo Asset Management 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk; y Maximo Asset Management 6.2 hasta 6.2.8, 7.1 hasta 7.1.1.2 y 7.2 para Tivoli Asset Management for IT y ciertos otros productos permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de (1) el campo KPI display name o (2) un campo portlet."
    }
  ],
  "id": "CVE-2014-0915",
  "lastModified": "2024-11-21T02:03:02.127",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-07-30T11:15:33.253",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/59570"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/59640"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59570"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2014-07-29 20:55

Modified

2024-11-21 02:07

Severity ?

Summary

CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

References

URL	Tags
psirt@us.ibm.com	http://secunia.com/advisories/59570
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21678798	Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/93065
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59570
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21678798	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/93065

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	7.5.0.0
ibm	maximo_asset_management	7.5.0.1
ibm	maximo_asset_management	7.5.0.2
ibm	maximo_asset_management	7.5.0.3
ibm	maximo_asset_management	7.5.0.4
ibm	maximo_asset_management	7.5.0.5
ibm	maximo_asset_management	7.5.0.6
ibm	maximo_asset_management_essentials	7.5.0.0
ibm	maximo_asset_management_essentials	7.5.0.1
ibm	maximo_asset_management_essentials	7.5.0.2
ibm	maximo_asset_management_essentials	7.5.0.3
ibm	maximo_asset_management_essentials	7.5.0.4
ibm	maximo_asset_management_essentials	7.5.0.5
ibm	maximo_asset_management_essentials	7.5.0.6
ibm	smartcloud_control_desk	7.5.0.0
ibm	smartcloud_control_desk	7.5.0.1
ibm	smartcloud_control_desk	7.5.0.2
ibm	smartcloud_control_desk	7.5.0.3
ibm	smartcloud_control_desk	7.5.1.0
ibm	smartcloud_control_desk	7.5.1.1
ibm	smartcloud_control_desk	7.5.1.2
ibm	smartcloud_control_desk	7.5.1.3
ibm	maximo_industry_solutions	7.5.0.0
ibm	maximo_industry_solutions	7.5.0.1
ibm	maximo_industry_solutions	7.5.0.2
ibm	maximo_industry_solutions	7.5.0.3
ibm	maximo_industry_solutions	7.5.0.4
ibm	maximo_industry_solutions	7.5.0.5
ibm	maximo_industry_solutions	7.5.0.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7197C12C-5CD7-4F7D-8B38-F792FAABC1FA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBD13DA8-00F5-43CE-BBAE-EB7DE0E46F8F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB38B1E5-5C80-4B04-8291-E4686E84F8F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "002A5BD4-2962-4045-923F-E6710EC869CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9B16418-C06A-4B78-A838-1C6BFC2EAC47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FC6AC1A-E79F-4A66-8BF0-10A6C587DB8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EF48295-8CB1-4E9A-A760-7A2785505248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B92B24E3-CB7C-4550-8C0C-0D8173BC7DDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_industry_solutions:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B4D7E9-EB7C-4113-8D1C-6BE913FF3D9B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n CRLF en IBM Maximo Asset Management 7.5 hasta 7.5.0.6 y 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, permite a usuarios remotos autenticados inyectar cabeceras HTTP arbitrarias y realizar ataques de divisi\u00f3n de respuestas HTTP a trav\u00e9s de vectores no especificados."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/93.html\" target=\"_blank\"\u003eCWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)\u003c/a\u003e",
  "id": "CVE-2014-3026",
  "lastModified": "2024-11-21T02:07:20.980",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-07-29T20:55:08.100",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/59570"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678798"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59570"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678798"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93065"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-03-27 17:29

Modified

2024-11-21 02:32

Severity ?

4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21971160	Patch, Vendor Advisory
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/106460	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21971160	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/106460	VDB Entry, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.5
ibm	maximo_asset_management	7.6
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5
ibm	maximo_for_energy_optimization	7.1
ibm	maximo_for_aviation	7.6
ibm	maximo_for_government	7.1
ibm	maximo_for_government	7.5
ibm	maximo_for_nuclear_power	7.1
ibm	maximo_for_nuclear_power	7.5
ibm	maximo_for_transportation	7.1
ibm	maximo_for_transportation	7.5
ibm	maximo_for_transportation	7.6
ibm	maximo_for_life_sciences	7.1
ibm	maximo_for_life_sciences	7.5
ibm	maximo_for_life_sciences	7.6
ibm	maximo_for_oil_and_gas	7.1
ibm	maximo_for_oil_and_gas	7.5
ibm	maximo_for_utilities	7.1
ibm	maximo_for_utilities	7.5
ibm	control_desk	7.5
ibm	control_desk	7.6
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_service_request_manager	7.1
ibm	tivoli_service_request_manager	7.2
ibm	change_and_configuration_management_database	7.1
ibm	change_and_configuration_management_database	7.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7759191C-5D16-4937-BC80-5A47FE4F9DD1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "33E903B1-43FE-4120-95E1-2108B630D49B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:control_desk:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6282F8E2-9EFD-4CBE-8732-22659413B149",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460."
    },
    {
      "lang": "es",
      "value": "IBM Maximo Asset Management 7.1, 7.5 y 7.6; Maximo Asset Management Essentials 7.1 y 7.5; Control Desk 7.5 y 7.6; Tivoli Asset Management for IT 7.1 y 7.2; as\u00ed como otros productos de IBM permiten que usuarios autenticados remotos omitan las restricciones de acceso previstas y lean entradas del registro de tareas de tickets arbitrarias mediante vectores sin especificar. IBM X-Force ID: 106460."
    }
  ],
  "id": "CVE-2015-5016",
  "lastModified": "2024-11-21T02:32:11.047",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-27T17:29:00.337",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2020-02-18 17:15

Modified

2024-11-21 01:53

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/62685	Third Party Advisory, VDB Entry
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240	VDB Entry, Vendor Advisory
cve@mitre.org	https://www.ibm.com/support/pages/node/235239	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/62685	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/235239	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	change_and_configuration_management_database	7.1
ibm	change_and_configuration_management_database	7.2
ibm	maximo_asset_management	6.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.5
ibm	maximo_asset_management_essentials	6.2
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5
ibm	maximo_for_government	6.2
ibm	maximo_for_government	7.1
ibm	maximo_for_government	7.5
ibm	maximo_for_life_sciences	6.2
ibm	maximo_for_life_sciences	6.4
ibm	maximo_for_life_sciences	6.5
ibm	maximo_for_life_sciences	7.1
ibm	maximo_for_life_sciences	7.5
ibm	maximo_for_nuclear_power	6.2
ibm	maximo_for_nuclear_power	6.3
ibm	maximo_for_nuclear_power	7.1
ibm	maximo_for_nuclear_power	7.5
ibm	maximo_for_oil_and_gas	6.2
ibm	maximo_for_oil_and_gas	6.3
ibm	maximo_for_oil_and_gas	6.4
ibm	maximo_for_oil_and_gas	7.1
ibm	maximo_for_oil_and_gas	7.5
ibm	maximo_for_transportation	6.2
ibm	maximo_for_transportation	6.3
ibm	maximo_for_transportation	7.1
ibm	maximo_for_transportation	7.5
ibm	maximo_for_utilities	6.2
ibm	maximo_for_utilities	6.3
ibm	maximo_for_utilities	7.1
ibm	maximo_for_utilities	7.5
ibm	maximo_service_desk	6.2
ibm	smartcloud_control_desk	7.5
ibm	tivoli_asset_management_for_it	6.2
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_service_request_manager	7.1
ibm	tivoli_service_request_manager	7.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "095A16F3-FA2C-4D0D-BA04-597FB2FF03FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "235F85B1-345A-4CE2-9DBE-A03D49D14583",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "450D430F-6E81-4DD5-9D64-3676B2D3C16C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3749FF3-86DE-40CA-8A04-0987C47EA1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EC5EC94-7A48-487E-BCCC-8B434E8735E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E78E1CA-83D8-4497-AF4E-A017B778107A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2906AF03-C662-4EBF-A3A3-E79DE4831F08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3054179C-29D4-4098-816C-85A2CAE4103F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B97B731D-8002-43D8-BF43-B32B852D0BEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DC611AA-993B-4C91-9EF8-ACA3D3E11F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6476767B-52DD-4A29-A379-96BFE964CA4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDCDD396-CFB4-4AC9-A025-4E132FC333E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01048E18-A71F-4AC7-971E-6CE772ACE81A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de escalada de privilegios en IBM Maximo Asset Management versiones 7.5, 7.1 y 6.2, cuando WebSeal con Autenticaci\u00f3n B\u00e1sica es usado, debido a un fallo al invalidar la sesi\u00f3n de autenticaci\u00f3n, lo que podr\u00eda permitir a un usuario malicioso obtener acceso no autorizado."
    }
  ],
  "id": "CVE-2013-3323",
  "lastModified": "2024-11-21T01:53:23.740",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-18T17:15:12.597",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/62685"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/235239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/62685"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/235239"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2012-03-13 03:12

Modified

2024-11-21 01:34

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name.

References

URL	Tags
psirt@us.ibm.com	http://secunia.com/advisories/48299
psirt@us.ibm.com	http://secunia.com/advisories/48305
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198
psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg21584666	Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/52333
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/72612
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48299
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48305
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21584666	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52333
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/72612

Impacted products

Vendor	Product	Version
ibm	maximo_asset_management	6.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.5
ibm	maximo_asset_management_essentials	6.2
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_asset_management_essentials	7.5
ibm	tivoli_asset_management_for_it	6.2
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	trivoli_service_request_manager	7.1
ibm	trivoli_service_request_manager	7.2
ibm	maximo_service_desk	6.2
ibm	tivoli_change_and_configuration_management_database	6.2
ibm	tivoli_change_and_configuration_management_database	7.1
ibm	tivoli_change_and_configuration_management_database	7.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5878EF6C-4C54-4BFB-A58A-DBBB96664E8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:trivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68FF0043-7A28-4ECB-9888-6FB057A766B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33DD3C44-B7B9-4FFF-8445-7C2C084F7DCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D4D3BE7-A7F0-431D-BB07-28DC94E8590F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A53DB8A-5966-4D70-A254-C098DB12B0B3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) el componente \"Start Center Layout and Configuration\" de IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, t 7.5; IBM Tivoli Asset Management para IT 6.2, 7.1, y 7.2; IBM Tivoli Service Request Manager 7.1 y 7.2; IBM Maximo Service Desk 6.2; y IBM Tivoli Change y Configuration Management Database (CCMDB) 6.2, 7.1, y 7.2. Permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del \"display name\"."
    }
  ],
  "id": "CVE-2012-0195",
  "lastModified": "2024-11-21T01:34:33.660",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-03-13T03:12:26.197",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/48299"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/48305"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/52333"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72612"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48299"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48305"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52333"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72612"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-04-24 06:59

Modified

2024-11-21 02:22

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21694974	Vendor Advisory
psirt@us.ibm.com	http://www.securityfocus.com/bid/97998	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21694974	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97998	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
ibm	change_and_configuration_management_database	7.1
ibm	change_and_configuration_management_database	7.2
ibm	maximo_asset_management	7.1
ibm	maximo_asset_management	7.1.1
ibm	maximo_asset_management	7.1.1.1
ibm	maximo_asset_management	7.1.1.2
ibm	maximo_asset_management	7.1.1.5
ibm	maximo_asset_management	7.1.1.6
ibm	maximo_asset_management	7.1.1.7
ibm	maximo_asset_management	7.1.1.8
ibm	maximo_asset_management_essentials	7.1
ibm	maximo_for_government	7.1
ibm	maximo_for_life_sciences	7.1
ibm	maximo_for_nuclear_power	7.1
ibm	maximo_for_oil_and_gas	7.1
ibm	maximo_for_transportation	7.1
ibm	maximo_for_utilities	7.1
ibm	tivoli_asset_management_for_it	7.1
ibm	tivoli_asset_management_for_it	7.2
ibm	tivoli_service_request_manager	7.1
ibm	tivoli_service_request_manager	7.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "IBM Tivoli IT Asset Management para IT, Tivoli Service Request Manager, y Change y Configuration Management Database 7.1 en versiones hasta 7.1.1.8 y 7.2 y Maximo Asset Management y Maximo Industry Solutions 7.1 en versiones hasta 7.1.1.8, 7.5 en versiones anteriores a 7.5.0.7 IFIX003, y 7.6 en versiones anteriores a 7.6.0.0 IFIX002 permite a los usuarios autenticados remotos realizar ataques de desplazamiento de directorios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-0107",
  "lastModified": "2024-11-21T02:22:22.907",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-24T06:59:00.413",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97998"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2017-1499

Vulnerability from cvelistv5

Published

2018-02-14 15:00

Modified

2024-09-17 00:16

Severity ?

Summary

IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/129106	x_refsource_MISC
	http://www.ibm.com/support/docview.wss?uid=swg22012781	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Version: 7.5 Version: 7.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.666Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22012781"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2018-01-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-14T14:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22012781"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-01-25T00:00:00",
          "ID": "CVE-2017-1499",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22012781",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22012781"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1499",
    "datePublished": "2018-02-14T15:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T00:16:20.442Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-1292

Vulnerability from cvelistv5

Published

2017-05-26 16:00

Modified

2024-08-05 13:32

Severity ?

Summary

IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/125153	x_refsource_MISC
	http://www.ibm.com/support/docview.wss?uid=swg22003414	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Version: 7.5 Version: 7.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.409Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125153"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22003414"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2017-05-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-26T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125153"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22003414"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2017-1292",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125153",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125153"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22003414",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22003414"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1292",
    "datePublished": "2017-05-26T16:00:00",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-08-05T13:32:29.409Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-6194

Vulnerability from cvelistv5

Published

2015-02-17 01:00

Modified

2024-08-06 12:10

Severity ?

Summary

Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/98605	vdb-entry, x_refsource_XF
	http://www-01.ibm.com/support/docview.wss?uid=swg21694035	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:10:12.785Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-maximo-cve20146194-dir-traversal(98605)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98605"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694035"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-maximo-cve20146194-dir-traversal(98605)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98605"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694035"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-6194",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-maximo-cve20146194-dir-traversal(98605)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98605"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694035",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694035"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-6194",
    "datePublished": "2015-02-17T01:00:00",
    "dateReserved": "2014-09-02T00:00:00",
    "dateUpdated": "2024-08-06T12:10:12.785Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-4818

Vulnerability from cvelistv5

Published

2012-03-13 01:00

Modified

2024-08-07 00:16

Severity ?

Summary

Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/72006	vdb-entry, x_refsource_XF
	http://www.ibm.com/support/docview.wss?uid=swg21584666	x_refsource_CONFIRM
	http://secunia.com/advisories/48299	third-party-advisory, x_refsource_SECUNIA
	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09200	vendor-advisory, x_refsource_AIXAPAR
	http://www.securityfocus.com/bid/52333	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:16:35.027Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "maximo-uisessionid-open-redirect(72006)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72006"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
          },
          {
            "name": "48299",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48299"
          },
          {
            "name": "IV09200",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09200"
          },
          {
            "name": "52333",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-02-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-09T17:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "maximo-uisessionid-open-redirect(72006)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72006"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
        },
        {
          "name": "48299",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48299"
        },
        {
          "name": "IV09200",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09200"
        },
        {
          "name": "52333",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52333"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2011-4818",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "maximo-uisessionid-open-redirect(72006)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72006"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
            },
            {
              "name": "48299",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48299"
            },
            {
              "name": "IV09200",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09200"
            },
            {
              "name": "52333",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52333"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2011-4818",
    "datePublished": "2012-03-13T01:00:00",
    "dateReserved": "2011-12-14T00:00:00",
    "dateUpdated": "2024-08-07T00:16:35.027Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-4816

Vulnerability from cvelistv5

Published

2012-03-13 01:00

Modified

2024-08-07 00:16

Severity ?

Summary

SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/72001	vdb-entry, x_refsource_XF
	http://www.ibm.com/support/docview.wss?uid=swg21584666	x_refsource_CONFIRM
	http://secunia.com/advisories/48299	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/48305	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/52333	vdb-entry, x_refsource_BID
	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194	vendor-advisory, x_refsource_AIXAPAR

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:16:35.026Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "maximo-kpi-sql-injection(72001)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72001"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
          },
          {
            "name": "48299",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48299"
          },
          {
            "name": "48305",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48305"
          },
          {
            "name": "52333",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52333"
          },
          {
            "name": "IV09194",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-02-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-09T17:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "maximo-kpi-sql-injection(72001)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72001"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
        },
        {
          "name": "48299",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48299"
        },
        {
          "name": "48305",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48305"
        },
        {
          "name": "52333",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52333"
        },
        {
          "name": "IV09194",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2011-4816",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "maximo-kpi-sql-injection(72001)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72001"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
            },
            {
              "name": "48299",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48299"
            },
            {
              "name": "48305",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48305"
            },
            {
              "name": "52333",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52333"
            },
            {
              "name": "IV09194",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2011-4816",
    "datePublished": "2012-03-13T01:00:00",
    "dateReserved": "2011-12-14T00:00:00",
    "dateUpdated": "2024-08-07T00:16:35.026Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-6102

Vulnerability from cvelistv5

Published

2015-02-17 01:00

Modified

2024-08-06 12:03

Severity ?

Summary

IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg21695597	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/96141	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:03:02.424Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597"
          },
          {
            "name": "ibm-maximo-cve20146102-sec-bypass(96141)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597"
        },
        {
          "name": "ibm-maximo-cve20146102-sec-bypass(96141)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-6102",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597"
            },
            {
              "name": "ibm-maximo-cve20146102-sec-bypass(96141)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-6102",
    "datePublished": "2015-02-17T01:00:00",
    "dateReserved": "2014-09-02T00:00:00",
    "dateUpdated": "2024-08-06T12:03:02.424Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-1933

Vulnerability from cvelistv5

Published

2015-10-04 01:00

Modified

2024-08-06 05:02

Severity ?

Summary

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg21965080	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:02:41.775Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-10-04T02:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-1933",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-1933",
    "datePublished": "2015-10-04T01:00:00",
    "dateReserved": "2015-02-19T00:00:00",
    "dateUpdated": "2024-08-06T05:02:41.775Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1395

Vulnerability from cvelistv5

Published

2012-03-13 01:00

Modified

2024-08-06 22:28

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/71996	vdb-entry, x_refsource_XF
	http://www.ibm.com/support/docview.wss?uid=swg21584666	x_refsource_CONFIRM
	http://secunia.com/advisories/48299	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/52333	vdb-entry, x_refsource_BID
	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09189	vendor-advisory, x_refsource_AIXAPAR

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:40.285Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "maximo-imicon-xss(71996)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71996"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
          },
          {
            "name": "48299",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48299"
          },
          {
            "name": "52333",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52333"
          },
          {
            "name": "IV09189",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09189"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-02-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-09T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "maximo-imicon-xss(71996)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71996"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
        },
        {
          "name": "48299",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48299"
        },
        {
          "name": "52333",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52333"
        },
        {
          "name": "IV09189",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09189"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1395",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "maximo-imicon-xss(71996)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71996"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
            },
            {
              "name": "48299",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48299"
            },
            {
              "name": "52333",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52333"
            },
            {
              "name": "IV09189",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09189"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1395",
    "datePublished": "2012-03-13T01:00:00",
    "dateReserved": "2011-03-10T00:00:00",
    "dateUpdated": "2024-08-06T22:28:40.285Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-3316

Vulnerability from cvelistv5

Published

2013-02-20 11:00

Modified

2024-08-06 19:57

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/77813	vdb-entry, x_refsource_XF
	http://www-01.ibm.com/support/docview.wss?uid=swg21625624	x_refsource_CONFIRM
	http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609	vendor-advisory, x_refsource_AIXAPAR

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:57:50.512Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "mam-tpae-xss(77813)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77813"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
          },
          {
            "name": "IV24609",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "mam-tpae-xss(77813)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77813"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
        },
        {
          "name": "IV24609",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-3316",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "mam-tpae-xss(77813)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77813"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
            },
            {
              "name": "IV24609",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-3316",
    "datePublished": "2013-02-20T11:00:00",
    "dateReserved": "2012-06-07T00:00:00",
    "dateUpdated": "2024-08-06T19:57:50.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0108

Vulnerability from cvelistv5

Published

2015-02-18 02:00

Modified

2024-08-06 03:55

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/99605	vdb-entry, x_refsource_XF
	http://www-01.ibm.com/support/docview.wss?uid=swg21694974	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:55:28.014Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-tsam-cve20150108-xss(99605)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99605"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-tsam-cve20150108-xss(99605)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99605"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-0108",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-tsam-cve20150108-xss(99605)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99605"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-0108",
    "datePublished": "2015-02-18T02:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T03:55:28.014Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-0914

Vulnerability from cvelistv5

Published

2014-07-30 10:00

Modified

2024-08-06 09:27

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/68839	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/59640	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/533110/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www-01.ibm.com/support/docview.wss?uid=swg21678885	x_refsource_CONFIRM
	http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679	vendor-advisory, x_refsource_AIXAPAR
	http://secunia.com/advisories/59570	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/91883	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:20.253Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "68839",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/68839"
          },
          {
            "name": "59640",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59640"
          },
          {
            "name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885"
          },
          {
            "name": "IV56679",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679"
          },
          {
            "name": "59570",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59570"
          },
          {
            "name": "ibm-maximo-cve20140914-xss(91883)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-07-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "68839",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/68839"
        },
        {
          "name": "59640",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59640"
        },
        {
          "name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885"
        },
        {
          "name": "IV56679",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679"
        },
        {
          "name": "59570",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59570"
        },
        {
          "name": "ibm-maximo-cve20140914-xss(91883)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-0914",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "68839",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/68839"
            },
            {
              "name": "59640",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59640"
            },
            {
              "name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885"
            },
            {
              "name": "IV56679",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679"
            },
            {
              "name": "59570",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59570"
            },
            {
              "name": "ibm-maximo-cve20140914-xss(91883)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-0914",
    "datePublished": "2014-07-30T10:00:00",
    "dateReserved": "2014-01-06T00:00:00",
    "dateUpdated": "2024-08-06T09:27:20.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9976

Vulnerability from cvelistv5

Published

2017-05-03 17:00

Modified

2024-08-06 03:07

Severity ?

Summary

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252.

References

▼	URL	Tags
	http://www.ibm.com/support/docview.wss?uid=swg22002018	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/98305	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	IBM Corporation	Maximo Asset Management	Version: 7.1, 7.5, 7.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:07:31.851Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22002018"
          },
          {
            "name": "98305",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98305"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "7.1, 7.5, 7.6"
            }
          ]
        }
      ],
      "datePublic": "2017-04-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-05T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22002018"
        },
        {
          "name": "98305",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98305"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-9976",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.1, 7.5, 7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22002018",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22002018"
            },
            {
              "name": "98305",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98305"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-9976",
    "datePublished": "2017-05-03T17:00:00",
    "dateReserved": "2016-12-16T00:00:00",
    "dateUpdated": "2024-08-06T03:07:31.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5402

Vulnerability from cvelistv5

Published

2013-12-18 11:00

Modified

2024-08-06 17:06

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/64333	vdb-entry, x_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilities/87298	vdb-entry, x_refsource_XF
	http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268	vendor-advisory, x_refsource_AIXAPAR
	http://www-01.ibm.com/support/docview.wss?uid=swg21660032	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:06:52.375Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "64333",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/64333"
          },
          {
            "name": "ibm-maximo-cve20135402-xss(87298)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87298"
          },
          {
            "name": "IV49268",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660032"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "64333",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/64333"
        },
        {
          "name": "ibm-maximo-cve20135402-xss(87298)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87298"
        },
        {
          "name": "IV49268",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660032"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2013-5402",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "64333",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/64333"
            },
            {
              "name": "ibm-maximo-cve20135402-xss(87298)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87298"
            },
            {
              "name": "IV49268",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660032",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660032"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2013-5402",
    "datePublished": "2013-12-18T11:00:00",
    "dateReserved": "2013-08-22T00:00:00",
    "dateUpdated": "2024-08-06T17:06:52.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9977

Vulnerability from cvelistv5

Published

2017-06-07 17:00

Modified

2024-08-06 03:07

Severity ?

Summary

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/120253	x_refsource_MISC
	http://www.securityfocus.com/bid/98786	vdb-entry, x_refsource_BID
	http://www.ibm.com/support/docview.wss?uid=swg22003981	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Version: 7.1 Version: 7.5 Version: 7.1.1 Version: 7.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:07:31.819Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253"
          },
          {
            "name": "98786",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98786"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22003981"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.1"
            },
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2017-05-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user\u0027s session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user\u0027s session. IBM X-Force ID: 120253."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-08T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253"
        },
        {
          "name": "98786",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98786"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22003981"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-9977",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.1"
                          },
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "7.1.1"
                          },
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user\u0027s session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user\u0027s session. IBM X-Force ID: 120253."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253"
            },
            {
              "name": "98786",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98786"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22003981",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22003981"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-9977",
    "datePublished": "2017-06-07T17:00:00",
    "dateReserved": "2016-12-16T00:00:00",
    "dateUpdated": "2024-08-06T03:07:31.819Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-6355

Vulnerability from cvelistv5

Published

2013-02-20 11:00

Modified

2024-08-06 21:28

Severity ?

Summary

IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg21625624	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/80747	vdb-entry, x_refsource_XF
	http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384	vendor-advisory, x_refsource_AIXAPAR

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:28:39.432Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
          },
          {
            "name": "mam-work-order-priv-esc(80747)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80747"
          },
          {
            "name": "IV30384",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
        },
        {
          "name": "mam-work-order-priv-esc(80747)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80747"
        },
        {
          "name": "IV30384",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-6355",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
            },
            {
              "name": "mam-work-order-priv-esc(80747)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80747"
            },
            {
              "name": "IV30384",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-6355",
    "datePublished": "2013-02-20T11:00:00",
    "dateReserved": "2012-12-16T00:00:00",
    "dateUpdated": "2024-08-06T21:28:39.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-6356

Vulnerability from cvelistv5

Published

2013-02-20 11:00

Modified

2024-08-06 21:28

Severity ?

Summary

IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg21625624	x_refsource_CONFIRM
	http://www-01.ibm.com/support/docview.wss?uid=swg1IV27329	vendor-advisory, x_refsource_AIXAPAR
	https://exchange.xforce.ibmcloud.com/vulnerabilities/80748	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:28:39.917Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
          },
          {
            "name": "IV27329",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV27329"
          },
          {
            "name": "mam-import-fct-priv-esc(80748)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80748"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
        },
        {
          "name": "IV27329",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV27329"
        },
        {
          "name": "mam-import-fct-priv-esc(80748)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80748"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-6356",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
            },
            {
              "name": "IV27329",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV27329"
            },
            {
              "name": "mam-import-fct-priv-esc(80748)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80748"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-6356",
    "datePublished": "2013-02-20T11:00:00",
    "dateReserved": "2012-12-16T00:00:00",
    "dateUpdated": "2024-08-06T21:28:39.917Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0109

Vulnerability from cvelistv5

Published

2015-02-18 02:00

Modified

2024-08-06 03:55

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0108.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/99606	vdb-entry, x_refsource_XF
	http://www-01.ibm.com/support/docview.wss?uid=swg21694974	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:55:28.030Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-tsam-cve20150109-xss(99606)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99606"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0108."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-tsam-cve20150109-xss(99606)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99606"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-0109",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0108."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-tsam-cve20150109-xss(99606)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99606"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-0109",
    "datePublished": "2015-02-18T02:00:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T03:55:28.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-1291

Vulnerability from cvelistv5

Published

2017-05-26 16:00

Modified

2024-08-05 13:32

Severity ?

Summary

IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152.

References

▼	URL	Tags
	http://www.ibm.com/support/docview.wss?uid=swg22003413	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/125152	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Version: 7.5 Version: 7.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:28.511Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22003413"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2017-05-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-26T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22003413"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2017-1291",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22003413",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22003413"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125152"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1291",
    "datePublished": "2017-05-26T16:00:00",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-08-05T13:32:28.511Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-1558

Vulnerability from cvelistv5

Published

2017-12-13 18:00

Modified

2024-09-16 16:43

Severity ?

Summary

IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/102211	vdb-entry, x_refsource_BID
	http://www.ibm.com/support/docview.wss?uid=swg22010595	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/131548	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Version: 7.5 Version: 7.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:30.652Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102211",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102211"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22010595"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2017-12-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-19T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "102211",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102211"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22010595"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-12-11T00:00:00",
          "ID": "CVE-2017-1558",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102211",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102211"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22010595",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22010595"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131548"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1558",
    "datePublished": "2017-12-13T18:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T16:43:14.217Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3026

Vulnerability from cvelistv5

Published

2014-07-29 20:00

Modified

2024-08-06 10:28

Severity ?

Summary

CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/93065	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/59570	third-party-advisory, x_refsource_SECUNIA
	http://www-01.ibm.com/support/docview.wss?uid=swg21678798	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:28:46.379Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-maximo-cve20143026-header-injection(93065)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93065"
          },
          {
            "name": "59570",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59570"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678798"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-07-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-maximo-cve20143026-header-injection(93065)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93065"
        },
        {
          "name": "59570",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59570"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678798"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-3026",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-maximo-cve20143026-header-injection(93065)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93065"
            },
            {
              "name": "59570",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59570"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678798",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678798"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-3026",
    "datePublished": "2014-07-29T20:00:00",
    "dateReserved": "2014-04-29T00:00:00",
    "dateUpdated": "2024-08-06T10:28:46.379Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-6357

Vulnerability from cvelistv5

Published

2013-02-20 11:00

Modified

2024-08-06 21:28

Severity ?

Summary

IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg1IV23511	vendor-advisory, x_refsource_AIXAPAR
	https://exchange.xforce.ibmcloud.com/vulnerabilities/80749	vdb-entry, x_refsource_XF
	http://www-01.ibm.com/support/docview.wss?uid=swg21625624	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:28:39.783Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "IV23511",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23511"
          },
          {
            "name": "mam-asset-lookup-priv-esc(80749)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80749"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "IV23511",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23511"
        },
        {
          "name": "mam-asset-lookup-priv-esc(80749)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80749"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-6357",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IV23511",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23511"
            },
            {
              "name": "mam-asset-lookup-priv-esc(80749)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80749"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-6357",
    "datePublished": "2013-02-20T11:00:00",
    "dateReserved": "2012-12-16T00:00:00",
    "dateUpdated": "2024-08-06T21:28:39.783Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-4944

Vulnerability from cvelistv5

Published

2015-10-05 10:00

Modified

2024-08-06 06:32

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg21963973	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:32:31.523Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963973"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-10-05T02:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963973"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-4944",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21963973",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963973"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-4944",
    "datePublished": "2015-10-05T10:00:00",
    "dateReserved": "2015-06-24T00:00:00",
    "dateUpdated": "2024-08-06T06:32:31.523Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-5016

Vulnerability from cvelistv5

Published

2018-03-27 17:00

Modified

2024-08-06 06:32

Severity ?

Summary

IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/106460	vdb-entry, x_refsource_XF
	http://www-01.ibm.com/support/docview.wss?uid=swg21971160	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:32:31.899Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-maximo-cve20155016-info-disc(106460)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-02-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-27T16:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-maximo-cve20155016-info-disc(106460)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-5016",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-maximo-cve20155016-info-disc(106460)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-5016",
    "datePublished": "2018-03-27T17:00:00",
    "dateReserved": "2015-06-24T00:00:00",
    "dateUpdated": "2024-08-06T06:32:31.899Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-5051

Vulnerability from cvelistv5

Published

2016-01-03 02:00

Modified

2024-08-06 06:32

Severity ?

Summary

IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg21970797	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:32:32.557Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970797"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-01-03T04:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970797"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-5051",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21970797",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970797"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-5051",
    "datePublished": "2016-01-03T02:00:00",
    "dateReserved": "2015-06-24T00:00:00",
    "dateUpdated": "2024-08-06T06:32:32.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-7487

Vulnerability from cvelistv5

Published

2016-01-27 02:00

Modified

2024-08-06 07:51

Severity ?

Summary

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg21974537	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:51:28.088Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974537"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-01-27T04:57:02",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974537"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-7487",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21974537",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974537"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-7487",
    "datePublished": "2016-01-27T02:00:00",
    "dateReserved": "2015-09-29T00:00:00",
    "dateUpdated": "2024-08-06T07:51:28.088Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-3323

Vulnerability from cvelistv5

Published

2020-02-18 16:03

Modified

2024-08-06 16:07

Severity ?

Summary

A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/62685	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240	x_refsource_MISC
	https://www.ibm.com/support/pages/node/235239	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62685"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/235239"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-18T16:03:12",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/62685"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/235239"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-3323",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.securityfocus.com/bid/62685",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/bid/62685"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
            },
            {
              "name": "https://www.ibm.com/support/pages/node/235239",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/pages/node/235239"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-3323",
    "datePublished": "2020-02-18T16:03:12",
    "dateReserved": "2013-05-06T00:00:00",
    "dateUpdated": "2024-08-06T16:07:37.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1396

Vulnerability from cvelistv5

Published

2012-03-13 01:00

Modified

2024-08-06 22:28

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09190	vendor-advisory, x_refsource_AIXAPAR
	http://www.ibm.com/support/docview.wss?uid=swg21584666	x_refsource_CONFIRM
	http://secunia.com/advisories/48299	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/71999	vdb-entry, x_refsource_XF
	http://www.securityfocus.com/bid/52333	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:40.295Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "IV09190",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09190"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
          },
          {
            "name": "48299",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48299"
          },
          {
            "name": "maximo-reporttype-xss(71999)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71999"
          },
          {
            "name": "52333",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-02-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-09T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "IV09190",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09190"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
        },
        {
          "name": "48299",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48299"
        },
        {
          "name": "maximo-reporttype-xss(71999)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71999"
        },
        {
          "name": "52333",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52333"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1396",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IV09190",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09190"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
            },
            {
              "name": "48299",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48299"
            },
            {
              "name": "maximo-reporttype-xss(71999)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71999"
            },
            {
              "name": "52333",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52333"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1396",
    "datePublished": "2012-03-13T01:00:00",
    "dateReserved": "2011-03-10T00:00:00",
    "dateUpdated": "2024-08-06T22:28:40.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-3322

Vulnerability from cvelistv5

Published

2013-02-20 11:00

Modified

2024-08-06 20:05

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838	vendor-advisory, x_refsource_AIXAPAR
	http://www-01.ibm.com/support/docview.wss?uid=swg21625624	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/77918	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:05:10.813Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "IV23838",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
          },
          {
            "name": "mam-displayname-xss(77918)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77918"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "IV23838",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
        },
        {
          "name": "mam-displayname-xss(77918)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77918"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-3322",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IV23838",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
            },
            {
              "name": "mam-displayname-xss(77918)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77918"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-3322",
    "datePublished": "2013-02-20T11:00:00",
    "dateReserved": "2012-06-07T00:00:00",
    "dateUpdated": "2024-08-06T20:05:10.813Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-7448

Vulnerability from cvelistv5

Published

2016-03-12 15:00

Modified

2024-08-06 07:51

Severity ?

Summary

SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg21974938	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:51:27.519Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974938"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-03-12T15:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974938"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-7448",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21974938",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974938"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-7448",
    "datePublished": "2016-03-12T15:00:00",
    "dateReserved": "2015-09-29T00:00:00",
    "dateUpdated": "2024-08-06T07:51:27.519Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1394

Vulnerability from cvelistv5

Published

2012-03-13 01:00

Modified

2024-08-06 22:28

Severity ?

Summary

IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session.

References

▼	URL	Tags
	http://www.ibm.com/support/docview.wss?uid=swg21584666	x_refsource_CONFIRM
	http://secunia.com/advisories/48299	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/71985	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/48305	third-party-advisory, x_refsource_SECUNIA
	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157	vendor-advisory, x_refsource_AIXAPAR
	http://www.securityfocus.com/bid/52333	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:40.315Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
          },
          {
            "name": "48299",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48299"
          },
          {
            "name": "maximo-uisession-dos(71985)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71985"
          },
          {
            "name": "48305",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48305"
          },
          {
            "name": "IV09157",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157"
          },
          {
            "name": "52333",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52333"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-02-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-09T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
        },
        {
          "name": "48299",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48299"
        },
        {
          "name": "maximo-uisession-dos(71985)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71985"
        },
        {
          "name": "48305",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48305"
        },
        {
          "name": "IV09157",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157"
        },
        {
          "name": "52333",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52333"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1394",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
            },
            {
              "name": "48299",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48299"
            },
            {
              "name": "maximo-uisession-dos(71985)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71985"
            },
            {
              "name": "48305",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48305"
            },
            {
              "name": "IV09157",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157"
            },
            {
              "name": "52333",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52333"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1394",
    "datePublished": "2012-03-13T01:00:00",
    "dateReserved": "2011-03-10T00:00:00",
    "dateUpdated": "2024-08-06T22:28:40.315Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-7452

Vulnerability from cvelistv5

Published

2016-01-02 21:00

Modified

2024-08-06 07:51

Severity ?

Summary

IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg21972463	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:51:27.521Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972463"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-01-02T21:57:02",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972463"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-7452",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21972463",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972463"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-7452",
    "datePublished": "2016-01-02T21:00:00",
    "dateReserved": "2015-09-29T00:00:00",
    "dateUpdated": "2024-08-06T07:51:27.521Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-1934

Vulnerability from cvelistv5

Published

2015-10-04 01:00

Modified

2024-08-06 05:02

Severity ?

Summary

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg21964855	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:02:41.809Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-10-04T02:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-1934",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-1934",
    "datePublished": "2015-10-04T01:00:00",
    "dateReserved": "2015-02-19T00:00:00",
    "dateUpdated": "2024-08-06T05:02:41.809Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0107

Vulnerability from cvelistv5

Published

2017-04-24 06:12

Modified

2024-08-06 03:55

Severity ?

Summary

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/97998	vdb-entry, x_refsource_BID
	http://www-01.ibm.com/support/docview.wss?uid=swg21694974	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:55:28.081Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "97998",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97998"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-26T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "97998",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97998"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-0107",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "97998",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97998"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-0107",
    "datePublished": "2017-04-24T06:12:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T03:55:28.081Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0104

Vulnerability from cvelistv5

Published

2017-04-24 06:12

Modified

2024-08-06 03:55

Severity ?

Summary

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/97999	vdb-entry, x_refsource_BID
	http://www-01.ibm.com/support/docview.wss?uid=swg21694974	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:55:28.068Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "97999",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97999"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-26T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "97999",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97999"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-0104",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "97999",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97999"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-0104",
    "datePublished": "2017-04-24T06:12:00",
    "dateReserved": "2014-11-18T00:00:00",
    "dateUpdated": "2024-08-06T03:55:28.068Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-5017

Vulnerability from cvelistv5

Published

2016-01-03 02:00

Modified

2024-08-06 06:32

Severity ?

Summary

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg21969052	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:32:32.680Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-01-03T05:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-5017",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-5017",
    "datePublished": "2016-01-03T02:00:00",
    "dateReserved": "2015-06-24T00:00:00",
    "dateUpdated": "2024-08-06T06:32:32.680Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-4965

Vulnerability from cvelistv5

Published

2015-10-05 10:00

Modified

2024-08-06 06:32

Severity ?

Summary

maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg21966194	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:32:31.854Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966194"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-10-05T02:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966194"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-4965",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21966194",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966194"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-4965",
    "datePublished": "2015-10-05T10:00:00",
    "dateReserved": "2015-06-24T00:00:00",
    "dateUpdated": "2024-08-06T06:32:31.854Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-7451

Vulnerability from cvelistv5

Published

2016-01-02 02:00

Modified

2024-08-06 07:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg21972423	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:51:27.617Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-01-02T04:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-7451",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-7451",
    "datePublished": "2016-01-02T02:00:00",
    "dateReserved": "2015-09-29T00:00:00",
    "dateUpdated": "2024-08-06T07:51:27.617Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-4967

Vulnerability from cvelistv5

Published

2015-10-05 10:00

Modified

2024-08-06 06:32

Severity ?

Summary

SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg21966181	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:32:32.184Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966181"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-10-05T02:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966181"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-4967",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21966181",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966181"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-4967",
    "datePublished": "2015-10-05T10:00:00",
    "dateReserved": "2015-06-24T00:00:00",
    "dateUpdated": "2024-08-06T06:32:32.184Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-0195

Vulnerability from cvelistv5

Published

2012-03-13 01:00

Modified

2024-08-06 18:16

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name.

References

▼	URL	Tags
	http://www.ibm.com/support/docview.wss?uid=swg21584666	x_refsource_CONFIRM
	http://secunia.com/advisories/48299	third-party-advisory, x_refsource_SECUNIA
	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198	vendor-advisory, x_refsource_AIXAPAR
	http://secunia.com/advisories/48305	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/52333	vdb-entry, x_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilities/72612	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:16:19.457Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
          },
          {
            "name": "48299",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48299"
          },
          {
            "name": "IV09198",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198"
          },
          {
            "name": "48305",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48305"
          },
          {
            "name": "52333",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52333"
          },
          {
            "name": "mam-sclc-xss(72612)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72612"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-02-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-09T17:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
        },
        {
          "name": "48299",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48299"
        },
        {
          "name": "IV09198",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198"
        },
        {
          "name": "48305",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48305"
        },
        {
          "name": "52333",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52333"
        },
        {
          "name": "mam-sclc-xss(72612)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72612"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0195",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
            },
            {
              "name": "48299",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48299"
            },
            {
              "name": "IV09198",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198"
            },
            {
              "name": "48305",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48305"
            },
            {
              "name": "52333",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52333"
            },
            {
              "name": "mam-sclc-xss(72612)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72612"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0195",
    "datePublished": "2012-03-13T01:00:00",
    "dateReserved": "2011-12-14T00:00:00",
    "dateUpdated": "2024-08-06T18:16:19.457Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-3328

Vulnerability from cvelistv5

Published

2013-02-20 11:00

Modified

2024-08-06 20:05

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1, Maximo Asset Management Essentials 7.1, Tivoli Asset Management for IT 7.1 and 7.2, Tivoli Service Request Manager 7.1 and 7.2, and Change and Configuration Management Database (CCMDB) 7.1 and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden frame footer.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg21625624	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/78040	vdb-entry, x_refsource_XF
	http://www-01.ibm.com/support/docview.wss?uid=swg1IV20823	vendor-advisory, x_refsource_AIXAPAR

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:05:10.811Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
          },
          {
            "name": "mam-hiddenframefooter-xss(78040)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78040"
          },
          {
            "name": "IV20823",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20823"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1, Maximo Asset Management Essentials 7.1, Tivoli Asset Management for IT 7.1 and 7.2, Tivoli Service Request Manager 7.1 and 7.2, and Change and Configuration Management Database (CCMDB) 7.1 and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden frame footer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
        },
        {
          "name": "mam-hiddenframefooter-xss(78040)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78040"
        },
        {
          "name": "IV20823",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20823"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-3328",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1, Maximo Asset Management Essentials 7.1, Tivoli Asset Management for IT 7.1 and 7.2, Tivoli Service Request Manager 7.1 and 7.2, and Change and Configuration Management Database (CCMDB) 7.1 and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden frame footer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
            },
            {
              "name": "mam-hiddenframefooter-xss(78040)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78040"
            },
            {
              "name": "IV20823",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20823"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-3328",
    "datePublished": "2013-02-20T11:00:00",
    "dateReserved": "2012-06-07T00:00:00",
    "dateUpdated": "2024-08-06T20:05:10.811Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-0915

Vulnerability from cvelistv5

Published

2014-07-30 10:00

Modified

2024-08-06 09:27

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg21678894	x_refsource_CONFIRM
	http://secunia.com/advisories/59640	third-party-advisory, x_refsource_SECUNIA
	http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680	vendor-advisory, x_refsource_AIXAPAR
	http://www.securityfocus.com/archive/1/533110/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/59570	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/91884	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:20.309Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
          },
          {
            "name": "59640",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59640"
          },
          {
            "name": "IV56680",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
          },
          {
            "name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
          },
          {
            "name": "59570",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59570"
          },
          {
            "name": "ibm-maximo-cve20140915-xss(91884)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-07-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
        },
        {
          "name": "59640",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59640"
        },
        {
          "name": "IV56680",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
        },
        {
          "name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
        },
        {
          "name": "59570",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59570"
        },
        {
          "name": "ibm-maximo-cve20140915-xss(91884)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-0915",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
            },
            {
              "name": "59640",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59640"
            },
            {
              "name": "IV56680",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
            },
            {
              "name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
            },
            {
              "name": "59570",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59570"
            },
            {
              "name": "ibm-maximo-cve20140915-xss(91884)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-0915",
    "datePublished": "2014-07-30T10:00:00",
    "dateReserved": "2014-01-06T00:00:00",
    "dateUpdated": "2024-08-06T09:27:20.309Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-0457

Vulnerability from cvelistv5

Published

2013-02-20 11:00

Modified

2024-08-06 14:25

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg1IV20590	vendor-advisory, x_refsource_AIXAPAR
	http://www-01.ibm.com/support/docview.wss?uid=swg21625624	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/81011	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:25:10.357Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "IV20590",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20590"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
          },
          {
            "name": "mam-uisessionid-xss(81011)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81011"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "IV20590",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20590"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
        },
        {
          "name": "mam-uisessionid-xss(81011)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81011"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2013-0457",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IV20590",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV20590"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
            },
            {
              "name": "mam-uisessionid-xss(81011)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81011"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2013-0457",
    "datePublished": "2013-02-20T11:00:00",
    "dateReserved": "2012-12-16T00:00:00",
    "dateUpdated": "2024-08-06T14:25:10.357Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-4817

Vulnerability from cvelistv5

Published

2012-03-13 01:00

Modified

2024-08-07 00:16

Severity ?

Summary

The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account.

References

▼	URL	Tags
	http://www.ibm.com/support/docview.wss?uid=swg21584666	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/72004	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/48299	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/48305	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/52333	vdb-entry, x_refsource_BID
	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197	vendor-advisory, x_refsource_AIXAPAR

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:16:34.971Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
          },
          {
            "name": "maximo-helpmenu-info-disclosure(72004)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72004"
          },
          {
            "name": "48299",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48299"
          },
          {
            "name": "48305",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48305"
          },
          {
            "name": "52333",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52333"
          },
          {
            "name": "IV09197",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-02-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-09T17:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
        },
        {
          "name": "maximo-helpmenu-info-disclosure(72004)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72004"
        },
        {
          "name": "48299",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48299"
        },
        {
          "name": "48305",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48305"
        },
        {
          "name": "52333",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52333"
        },
        {
          "name": "IV09197",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2011-4817",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
            },
            {
              "name": "maximo-helpmenu-info-disclosure(72004)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72004"
            },
            {
              "name": "48299",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48299"
            },
            {
              "name": "48305",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48305"
            },
            {
              "name": "52333",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52333"
            },
            {
              "name": "IV09197",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2011-4817",
    "datePublished": "2012-03-13T01:00:00",
    "dateReserved": "2011-12-14T00:00:00",
    "dateUpdated": "2024-08-07T00:16:34.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-1357

Vulnerability from cvelistv5

Published

2017-08-09 18:00

Modified

2024-09-16 23:00

Severity ?

Summary

IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/100214	vdb-entry, x_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilities/126684	x_refsource_MISC
	http://www.ibm.com/support/docview.wss?uid=swg22006647	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Version: 7.5 Version: 7.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.721Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "100214",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100214"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22006647"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2017-08-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "File Manipulation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-10T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "100214",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100214"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22006647"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-08-08T00:00:00",
          "ID": "CVE-2017-1357",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "File Manipulation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "100214",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100214"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126684"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22006647",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006647"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1357",
    "datePublished": "2017-08-09T18:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T23:00:52.819Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3025

Vulnerability from cvelistv5

Published

2014-07-30 10:00

Modified

2024-08-06 10:28

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg21678754	x_refsource_CONFIRM
	http://secunia.com/advisories/59640	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/93064	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/59570	third-party-advisory, x_refsource_SECUNIA
	http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241	vendor-advisory, x_refsource_AIXAPAR

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:28:46.365Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
          },
          {
            "name": "59640",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59640"
          },
          {
            "name": "ibm-maximo-cve20143025-xss(93064)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
          },
          {
            "name": "59570",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59570"
          },
          {
            "name": "IV57241",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-07-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
        },
        {
          "name": "59640",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59640"
        },
        {
          "name": "ibm-maximo-cve20143025-xss(93064)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
        },
        {
          "name": "59570",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59570"
        },
        {
          "name": "IV57241",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-3025",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
            },
            {
              "name": "59640",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59640"
            },
            {
              "name": "ibm-maximo-cve20143025-xss(93064)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
            },
            {
              "name": "59570",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59570"
            },
            {
              "name": "IV57241",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-3025",
    "datePublished": "2014-07-30T10:00:00",
    "dateReserved": "2014-04-29T00:00:00",
    "dateUpdated": "2024-08-06T10:28:46.365Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1414

Vulnerability from cvelistv5

Published

2018-02-22 19:00

Modified

2024-09-17 03:59

Severity ?

Summary

IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/103154	vdb-entry, x_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilities/138820	x_refsource_MISC
	http://www.ibm.com/support/docview.wss?uid=swg22013797	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	IBM	Maximo Asset Management	Version: 7.5 Version: 7.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:59:39.037Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "103154",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103154"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138820"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22013797"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Maximo Asset Management",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.5"
            },
            {
              "status": "affected",
              "version": "7.6"
            }
          ]
        }
      ],
      "datePublic": "2018-02-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Data Manipulation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-27T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "103154",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103154"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138820"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22013797"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-02-20T00:00:00",
          "ID": "CVE-2018-1414",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Maximo Asset Management",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.5"
                          },
                          {
                            "version_value": "7.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Data Manipulation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "103154",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103154"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138820",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138820"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22013797",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22013797"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1414",
    "datePublished": "2018-02-22T19:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-17T03:59:50.300Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-4765

Vulnerability from cvelistv5

Published

2014-10-02 00:00

Modified

2024-08-06 11:27

Severity ?

Summary

IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg21685289	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/94757	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:27:36.138Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289"
          },
          {
            "name": "ibm-maximo-cve20144765-error-message(94757)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94757"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289"
        },
        {
          "name": "ibm-maximo-cve20144765-error-message(94757)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94757"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2014-4765",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289"
            },
            {
              "name": "ibm-maximo-cve20144765-error-message(94757)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94757"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2014-4765",
    "datePublished": "2014-10-02T00:00:00",
    "dateReserved": "2014-07-09T00:00:00",
    "dateUpdated": "2024-08-06T11:27:36.138Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1397

Vulnerability from cvelistv5

Published

2012-03-13 01:00

Modified

2024-08-06 22:28

Severity ?

Summary

Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/72000	vdb-entry, x_refsource_XF
	http://www.ibm.com/support/docview.wss?uid=swg21584666	x_refsource_CONFIRM
	http://secunia.com/advisories/48299	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/48305	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/52333	vdb-entry, x_refsource_BID
	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193	vendor-advisory, x_refsource_AIXAPAR

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:40.297Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "maximo-laborreporting-csrf(72000)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72000"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
          },
          {
            "name": "48299",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48299"
          },
          {
            "name": "48305",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48305"
          },
          {
            "name": "52333",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52333"
          },
          {
            "name": "IV09193",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-02-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-09T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "maximo-laborreporting-csrf(72000)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72000"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
        },
        {
          "name": "48299",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48299"
        },
        {
          "name": "48305",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48305"
        },
        {
          "name": "52333",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52333"
        },
        {
          "name": "IV09193",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1397",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "maximo-laborreporting-csrf(72000)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72000"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
            },
            {
              "name": "48299",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48299"
            },
            {
              "name": "48305",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48305"
            },
            {
              "name": "52333",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52333"
            },
            {
              "name": "IV09193",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1397",
    "datePublished": "2012-03-13T01:00:00",
    "dateReserved": "2011-03-10T00:00:00",
    "dateUpdated": "2024-08-06T22:28:40.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-7396

Vulnerability from cvelistv5

Published

2016-01-02 21:00

Modified

2024-08-06 07:51

Severity ?

Summary

The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg21970799	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:51:27.226Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970799"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-01-02T21:57:02",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970799"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-7396",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21970799",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970799"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-7396",
    "datePublished": "2016-01-02T21:00:00",
    "dateReserved": "2015-09-29T00:00:00",
    "dateUpdated": "2024-08-06T07:51:27.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-3327

Vulnerability from cvelistv5

Published

2013-02-20 11:00

Modified

2024-08-06 20:05

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action.

References

▼	URL	Tags
	http://www-01.ibm.com/support/docview.wss?uid=swg21625624	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/78039	vdb-entry, x_refsource_XF
	http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698	vendor-advisory, x_refsource_AIXAPAR

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:05:10.857Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
          },
          {
            "name": "mam-login-xss(78039)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78039"
          },
          {
            "name": "IV22698",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
        },
        {
          "name": "mam-login-xss(78039)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78039"
        },
        {
          "name": "IV22698",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-3327",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
            },
            {
              "name": "mam-login-xss(78039)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78039"
            },
            {
              "name": "IV22698",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-3327",
    "datePublished": "2013-02-20T11:00:00",
    "dateReserved": "2012-06-07T00:00:00",
    "dateUpdated": "2024-08-06T20:05:10.857Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-4819

Vulnerability from cvelistv5

Published

2012-03-13 01:00

Modified

2024-08-07 00:16

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/.

References

▼	URL	Tags
	http://www.ibm.com/support/docview.wss?uid=swg21584666	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/72008	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/48299	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/52333	vdb-entry, x_refsource_BID
	http://www-01.ibm.com/support/docview.wss?uid=swg1IV09202	vendor-advisory, x_refsource_AIXAPAR

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:16:35.046Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
          },
          {
            "name": "maximo-uisesionid-xss(72008)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72008"
          },
          {
            "name": "48299",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48299"
          },
          {
            "name": "52333",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52333"
          },
          {
            "name": "IV09202",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09202"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-02-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-09T17:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
        },
        {
          "name": "maximo-uisesionid-xss(72008)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72008"
        },
        {
          "name": "48299",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48299"
        },
        {
          "name": "52333",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52333"
        },
        {
          "name": "IV09202",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09202"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2011-4819",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
            },
            {
              "name": "maximo-uisesionid-xss(72008)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72008"
            },
            {
              "name": "48299",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48299"
            },
            {
              "name": "52333",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52333"
            },
            {
              "name": "IV09202",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09202"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2011-4819",
    "datePublished": "2012-03-13T01:00:00",
    "dateReserved": "2011-12-14T00:00:00",
    "dateUpdated": "2024-08-07T00:16:35.046Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerabilites related to ibm - maximo_asset_management_essentials

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5