Vulnerabilites related to ibm - maximo_for_government
Vulnerability from fkie_nvd
Published
2014-10-02 00:55
Modified
2024-11-21 02:10
Severity ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "397FB717-6568-4037-8D7F-D31CF18E0782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.5 hasta 7.5.0.6, Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, y Maximo Asset Management 7.1 y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos permiten a atacantes remotos obtener informaci\u00f3n sensible de directorios mediante la lectura de un mensaje de error no especificado."
}
],
"id": "CVE-2014-4765",
"lastModified": "2024-11-21T02:10:50.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-02T00:55:03.763",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94757"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-06 01:59
Modified
2024-11-21 02:32
Severity ?
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21966181 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21966181 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX004 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x en versiones anteriores a 7.5.0.8 IFIX004 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX002 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management para IT y otros ciertos productos permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-4967",
"lastModified": "2024-11-21T02:32:07.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-06T01:59:12.640",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966181"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-04 02:59
Modified
2024-11-21 02:26
Severity ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21964855 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21964855 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX002 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x en versiones anteriores a 7.5.0.8 IFIX002 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros ciertos productos no cifran adecuadamente las contrase\u00f1as, lo que facilita a atacantes dependientes del contexto determinar contrase\u00f1as en texto plano aprovechando el acceso a un archivo de contrase\u00f1a."
}
],
"id": "CVE-2015-1934",
"lastModified": "2024-11-21T02:26:26.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-04T02:59:01.660",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-08 22:59
Modified
2024-11-21 02:55
Severity ?
Summary
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21988252 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/92535 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21988252 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92535 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | maximo_asset_management | 7.1 | |
| ibm | maximo_asset_management | 7.5 | |
| ibm | maximo_asset_management | 7.6 | |
| ibm | maximo_for_aviation | 7.1 | |
| ibm | maximo_for_aviation | 7.5 | |
| ibm | maximo_for_aviation | 7.6 | |
| ibm | maximo_for_energy_optimization | 7.1 | |
| ibm | maximo_for_energy_optimization | 7.5 | |
| ibm | maximo_for_energy_optimization | 7.6 | |
| ibm | maximo_for_government | 7.1 | |
| ibm | maximo_for_government | 7.5 | |
| ibm | maximo_for_government | 7.6 | |
| ibm | maximo_for_life_sciences | 7.1 | |
| ibm | maximo_for_life_sciences | 7.5 | |
| ibm | maximo_for_life_sciences | 7.6 | |
| ibm | maximo_for_nuclear_power | 7.1 | |
| ibm | maximo_for_nuclear_power | 7.5 | |
| ibm | maximo_for_nuclear_power | 7.6 | |
| ibm | maximo_for_oil_and_gas | 7.1 | |
| ibm | maximo_for_oil_and_gas | 7.5 | |
| ibm | maximo_for_oil_and_gas | 7.6 | |
| ibm | maximo_for_transportation | 7.1 | |
| ibm | maximo_for_transportation | 7.5 | |
| ibm | maximo_for_transportation | 7.6 | |
| ibm | maximo_for_utilities | 7.1 | |
| ibm | maximo_for_utilities | 7.5 | |
| ibm | maximo_for_utilities | 7.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA2E94D6-C670-417D-8BC7-6D57FC881735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D99E35AE-83AD-4B46-8D1B-D55213547863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "805C1AA0-2515-481F-8DC2-B8DDB567B112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9588B376-E159-4CF8-AA3C-70FBBFCB3ED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0F39CC0B-40C9-434B-9257-A72D04D5CED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "54B15803-D203-4620-B4CF-0F417C7A9B79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ED14563B-CA07-4CEF-B46B-672F06D08B9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7759191C-5D16-4937-BC80-5A47FE4F9DD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management es vulnerable a XSS. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz Web alterando as\u00ed la funcionalidad intencionada conduciendo potencialmente a la divulgaci\u00f3n de credenciales en una sesi\u00f3n de confianza."
}
],
"id": "CVE-2016-5902",
"lastModified": "2024-11-21T02:55:13.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-08T22:59:00.573",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21988252"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21988252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92535"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-03-14 01:59
Modified
2024-11-21 02:41
Severity ?
Summary
IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | maximo_asset_management | 7.6.0.0 | |
| ibm | maximo_asset_management | 7.6.0.1 | |
| ibm | maximo_asset_management | 7.6.0.2 | |
| ibm | maximo_asset_management | 7.6.0.3 | |
| ibm | smartcloud_control_desk | - | |
| ibm | maximo_asset_management | 7.6.0.0 | |
| ibm | maximo_asset_management | 7.6.0.1 | |
| ibm | maximo_asset_management | 7.6.0.2 | |
| ibm | maximo_asset_management | 7.6.0.3 | |
| ibm | maximo_for_government | - | |
| ibm | maximo_for_life_sciences | - | |
| ibm | maximo_for_nuclear_power | - | |
| ibm | maximo_for_oil_and_gas | - | |
| ibm | maximo_for_transportation | - | |
| ibm | maximo_for_utilities | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7038EBF6-E527-492B-A6A5-14F9A2F79BDF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7038EBF6-E527-492B-A6A5-14F9A2F79BDF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6952A03A-657B-4CE9-8C85-1EBEB6D090FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0660482-340B-4FDA-8F0A-323BE0167800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E7B2B1-2746-40A4-83FC-DCEDE8B607BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55DB8F6D-F7DB-485B-80D9-368188F2E858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "537D5FEA-7809-4CB6-9D71-FC3C408B2611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE303C7-7873-4754-926D-122FD45337FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management 7.6 en versiones anteriores a 7.6.0.3 IFIX001 permite a usuarios remotos autenticados eludir las restricciones de acceso previstas y leer registros de trabajo de \u00f3rdenes de compra arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-0222",
"lastModified": "2024-11-21T02:41:18.183",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-03-14T01:59:01.467",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976949"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-17 01:59
Modified
2024-11-21 02:13
Severity ?
Summary
Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "397FB717-6568-4037-8D7F-D31CF18E0782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en un formulario web no especificado en IBM Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.5.0 anterior a 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, y Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos permite a usuarios remotos autenticados leer ficheros arbitrarios a trav\u00e9s de un .. (punto punto) en un nombre de ruta."
}
],
"id": "CVE-2014-6194",
"lastModified": "2024-11-21T02:13:57.083",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-17T01:59:01.317",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694035"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98605"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-02 21:59
Modified
2024-11-21 02:36
Severity ?
Summary
The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | maximo_asset_management | 7.5 | |
| ibm | maximo_asset_management | 7.6 | |
| ibm | maximo_asset_management_essentials | 7.5 | |
| ibm | maximo_for_government | 7.5 | |
| ibm | maximo_for_life_sciences | 7.5 | |
| ibm | maximo_for_life_sciences | 7.6 | |
| ibm | maximo_for_nuclear_power | 7.5 | |
| ibm | maximo_for_oil_and_gas | 7.5 | |
| ibm | maximo_for_transportation | 7.5 | |
| ibm | maximo_for_utilities | 7.5 | |
| ibm | smartcloud_control_desk | 7.5 | |
| ibm | smartcloud_control_desk | 7.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors."
},
{
"lang": "es",
"value": "El Scheduler en IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.8 IF6 y 7.6 en versiones anteriores a 7.6.0.1 FP1 y Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.8 IF6, 7.5.1 y 7.6 en versiones anteriores a 7.6.0.1 FP1 para SmartCloud Control Desk permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso, y obtener informaci\u00f3n sensible o datos modificados, a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-7396",
"lastModified": "2024-11-21T02:36:43.140",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-02T21:59:02.343",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970799"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-11-08 03:59
Modified
2024-11-21 02:36
Severity ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C47DB9B3-C8CD-45E9-9F53-617354F3A339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX005 y 7.6.0 en versiones anteriores a 7.6.0.2 FP002; Maximo Asset Management 7.5.0 en versiones anteriores a 7.5.0.8 IFIX005, 7.5.1 y 7.6.0 en versiones anteriores a 7.6.0.2 FP002 para SmartCloud Control Desk y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros productos permite a usuarios remotos autenticados eludir las restricciones destinadas al cambio de orden de trabajo a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-7395",
"lastModified": "2024-11-21T02:36:43.027",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-08T03:59:00.117",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969072"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-30 11:15
Modified
2024-11-21 02:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71F456DA-8995-43E2-91A0-B20B070F26A0",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:*:*:*:*:*:*:*:*",
"matchCriteriaId": "106F6572-D362-4040-A878-67B2ACCEA161",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:*:*:*:*:*:*:*:*",
"matchCriteriaId": "084AF336-B44B-4B4C-86AB-82197C9410D1",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF5E8225-885D-4FB8-9706-97D559DDF4CF",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:*:*:*:*:*:*:*:*",
"matchCriteriaId": "271DF14A-0466-4ACF-B4CE-A5AAC7E0F9A5",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F350C06-CF48-43FE-BDB3-1F1E31332E25",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A202F4B-6814-4F85-837C-1655D316ADC0",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_service_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "882C1071-A3C3-4CD6-905B-9D8E32A37120",
"versionEndIncluding": "6.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA6D104-64DA-47CE-A0CB-589C93A0B3DC",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A204032-17C7-4617-AB29-589903A2B9C3",
"versionEndIncluding": "6.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 6.2 hasta 6.2.8 y 6.x y 7.x hasta 7.5.0.6, Maximo Asset Management 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk y Maximo Asset Management 6.2 hasta 6.2.8 para Tivoli IT Asset Management for IT y Maximo Service Desk permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del campo Query Description."
}
],
"id": "CVE-2014-0914",
"lastModified": "2024-11-21T02:03:01.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-30T11:15:33.177",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/59570"
},
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/59640"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/68839"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/68839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-18 02:59
Modified
2024-11-21 02:22
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0108.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | change_and_configuration_management_database | 7.1 | |
| ibm | change_and_configuration_management_database | 7.2 | |
| ibm | maximo_asset_management | 7.1 | |
| ibm | maximo_asset_management | 7.1.1 | |
| ibm | maximo_asset_management | 7.1.1.1 | |
| ibm | maximo_asset_management | 7.1.1.2 | |
| ibm | maximo_asset_management | 7.1.1.5 | |
| ibm | maximo_asset_management | 7.1.1.6 | |
| ibm | maximo_asset_management | 7.1.1.7 | |
| ibm | maximo_asset_management | 7.1.1.8 | |
| ibm | maximo_asset_management_essentials | 7.1 | |
| ibm | maximo_for_government | 7.1 | |
| ibm | maximo_for_life_sciences | 7.1 | |
| ibm | maximo_for_nuclear_power | 7.1 | |
| ibm | maximo_for_oil_and_gas | 7.1 | |
| ibm | maximo_for_transportation | 7.1 | |
| ibm | maximo_for_utilities | 7.1 | |
| ibm | tivoli_asset_management_for_it | 7.1 | |
| ibm | tivoli_asset_management_for_it | 7.2 | |
| ibm | tivoli_service_request_manager | 7.1 | |
| ibm | tivoli_service_request_manager | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0108."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 7.1 hasta 7.1.1.8, y Maximo Asset Management 7.1 hasta 7.1.1.8 y 7.2 para Tivoli IT Asset Management para IT y ciertos otros productos, permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente a CVE-2015-0104, CVE-2015-0107, y CVE-2015-0108."
}
],
"id": "CVE-2015-0109",
"lastModified": "2024-11-21T02:22:23.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-02-18T02:59:01.423",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99606"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-18 02:59
Modified
2024-11-21 02:22
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | change_and_configuration_management_database | 7.1 | |
| ibm | change_and_configuration_management_database | 7.2 | |
| ibm | maximo_asset_management | 7.1 | |
| ibm | maximo_asset_management | 7.1.1 | |
| ibm | maximo_asset_management | 7.1.1.1 | |
| ibm | maximo_asset_management | 7.1.1.2 | |
| ibm | maximo_asset_management | 7.1.1.5 | |
| ibm | maximo_asset_management | 7.1.1.6 | |
| ibm | maximo_asset_management | 7.1.1.7 | |
| ibm | maximo_asset_management | 7.1.1.8 | |
| ibm | maximo_asset_management_essentials | 7.1 | |
| ibm | maximo_for_government | 7.1 | |
| ibm | maximo_for_life_sciences | 7.1 | |
| ibm | maximo_for_nuclear_power | 7.1 | |
| ibm | maximo_for_oil_and_gas | 7.1 | |
| ibm | maximo_for_transportation | 7.1 | |
| ibm | maximo_for_utilities | 7.1 | |
| ibm | tivoli_asset_management_for_it | 7.1 | |
| ibm | tivoli_asset_management_for_it | 7.2 | |
| ibm | tivoli_service_request_manager | 7.1 | |
| ibm | tivoli_service_request_manager | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 7.1 hasta 7.1.1.8, y Maximo Asset Management 7.1 hasta 7.1.1.8 y 7.2 para Tivoli IT Asset Management para IT y ciertos otros productos, permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente a CVE-2015-0104, CVE-2015-0107, y CVE-2015-0109."
}
],
"id": "CVE-2015-0108",
"lastModified": "2024-11-21T02:22:23.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-02-18T02:59:00.047",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99605"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-02 05:59
Modified
2024-11-21 02:36
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | maximo_asset_management | 7.5 | |
| ibm | maximo_asset_management | 7.6 | |
| ibm | maximo_asset_management_essentials | 7.5 | |
| ibm | maximo_for_government | 7.5 | |
| ibm | maximo_for_life_sciences | 7.5 | |
| ibm | maximo_for_life_sciences | 7.6 | |
| ibm | maximo_for_nuclear_power | 7.5 | |
| ibm | maximo_for_oil_and_gas | 7.5 | |
| ibm | maximo_for_transportation | 7.5 | |
| ibm | maximo_for_utilities | 7.5 | |
| ibm | smartcloud_control_desk | 7.5 | |
| ibm | smartcloud_control_desk | 7.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.9 IF2 y 7.6 en versiones anteriores a 7.6.0.3 FP3 y Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.9 IF2, 7.5.1 y 7.6 en versiones anteriores a 7.6.0.3 FP3 para SmartCloud Control Desk permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2015-7451",
"lastModified": "2024-11-21T02:36:48.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-02T05:59:08.797",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-17 01:59
Modified
2024-11-21 02:13
Severity ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "397FB717-6568-4037-8D7F-D31CF18E0782",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.5.0 anterior a 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, y Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos no manejan correctamente las acciones de cierre de sesi\u00f3n, lo que permite a atacantes remotos evadir las restricciones de acceso a Cognos BI Direct Integration mediante el aprovechamiento de un estaci\u00f3n de trabajo desatendida."
}
],
"evaluatorComment": "Per an \u003ca href=\"http://www-01.ibm.com/support/docview.wss?uid=swg21695597\"\u003eIBM Security Bulletin\u003c/a\u003e IBM identifies access vector as local",
"id": "CVE-2014-6102",
"lastModified": "2024-11-21T02:13:47.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-17T01:59:00.053",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-06 01:59
Modified
2024-11-21 02:32
Severity ?
Summary
maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file."
},
{
"lang": "es",
"value": "maximouiweb/webmodule/webclient/utility/merlin.jsp en IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX004 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x en versiones anteriores a 7.5.0.8 IFIX004 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX002 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management para IT y otros ciertos productos permite a usuarios remotos autenticados obtener informaci\u00f3n sensible mediante la lectura de un archivo de (1) respaldo o (2) aplicaci\u00f3n de depuraci\u00f3n."
}
],
"id": "CVE-2015-4965",
"lastModified": "2024-11-21T02:32:07.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-06T01:59:11.360",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966194"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-03 05:59
Modified
2024-11-21 02:32
Severity ?
Summary
IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | maximo_asset_management | 7.5 | |
| ibm | maximo_asset_management | 7.6 | |
| ibm | maximo_asset_management_essentials | 7.5 | |
| ibm | maximo_asset_management_essentials | 7.6 | |
| ibm | maximo_for_government | 7.5 | |
| ibm | maximo_for_life_sciences | 7.5 | |
| ibm | maximo_for_life_sciences | 7.6 | |
| ibm | maximo_for_nuclear_power | 7.5 | |
| ibm | maximo_for_oil_and_gas | 7.5 | |
| ibm | maximo_for_transportation | 7.5 | |
| ibm | maximo_for_utilities | 7.5 | |
| ibm | smartcloud_control_desk | 7.5 | |
| ibm | smartcloud_control_desk | 7.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DB43A8FB-E429-4BD4-8787-E538352D8D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.8 IF6 y 7.6 en versiones anteriores a 7.6.0.2 IF1 y Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.8 IF6, 7.5.1 y 7.6 en versiones anteriores a 7.6.0.2 IF1 para SmartCloud Control Desk permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso en resultados de consulta a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-5051",
"lastModified": "2024-11-21T02:32:13.577",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-03T05:59:09.990",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970797"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-24 06:59
Modified
2024-11-21 02:22
Severity ?
Summary
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21694974 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/97999 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21694974 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97999 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | change_and_configuration_management_database | 7.1 | |
| ibm | change_and_configuration_management_database | 7.2 | |
| ibm | maximo_asset_management | 7.1 | |
| ibm | maximo_asset_management | 7.1.1 | |
| ibm | maximo_asset_management | 7.1.1.1 | |
| ibm | maximo_asset_management | 7.1.1.2 | |
| ibm | maximo_asset_management | 7.1.1.5 | |
| ibm | maximo_asset_management | 7.1.1.6 | |
| ibm | maximo_asset_management | 7.1.1.7 | |
| ibm | maximo_asset_management | 7.1.1.8 | |
| ibm | maximo_asset_management_essentials | 7.1 | |
| ibm | maximo_for_government | 7.1 | |
| ibm | maximo_for_life_sciences | 7.1 | |
| ibm | maximo_for_nuclear_power | 7.1 | |
| ibm | maximo_for_oil_and_gas | 7.1 | |
| ibm | maximo_for_transportation | 7.1 | |
| ibm | maximo_for_utilities | 7.1 | |
| ibm | tivoli_asset_management_for_it | 7.1 | |
| ibm | tivoli_asset_management_for_it | 7.2 | |
| ibm | tivoli_service_request_manager | 7.1 | |
| ibm | tivoli_service_request_manager | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors."
},
{
"lang": "es",
"value": "IBM Tivoli IT Asset Management para IT, Tivoli Service Request Manager, y Change y Configuration Management Database 7.1 en versiones hasta 7.1.1.8 y 7.2 y Maximo Asset Management y Maximo Industry Solutions 7.1 en versiones hasta 7.1.1.8, 7.5 en versiones anteriores a 7.5.0.7 IFIX003, y 7.6 en versiones anteriores a 7.6.0.0 IFIX002 permite a los usuarios autenticados remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-0104",
"lastModified": "2024-11-21T02:22:22.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T06:59:00.383",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97999"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-03-12 15:59
Modified
2024-11-21 02:36
Severity ?
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CC8BE0-5DFD-4D51-8C14-333596151E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59D13A5E-AC99-4632-8987-2C1CC3AC9376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6A0C5995-8850-4AFE-9008-8ED3DE17E2F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92B6F032-D50D-43C3-ADF2-C67FAD74A58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E3C5BFF2-8361-485D-9DE5-80323EFAFFB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8194D6-55CE-4760-8F27-4990FFA32F54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "29A7E369-EBBD-4456-AE47-712CB273F40A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4B91AA-C45B-42F8-A7AC-D64DE66B5AA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69D30DA9-2096-421C-AEE3-EA83D2AA5996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F13CF56-5007-413D-A936-B3667E0051D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "019C8B6D-0669-447E-9EB3-F6A9B42797FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C9956DF3-70A3-49CD-9145-B0C880D3DACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC336DAB-A3DE-48B7-AC32-89F46F21887B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C47DB9B3-C8CD-45E9-9F53-617354F3A339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7038EBF6-E527-492B-A6A5-14F9A2F79BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7197C12C-5CD7-4F7D-8B38-F792FAABC1FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1EE096D4-40A8-4FD8-905C-3B13476BF748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1E369397-1BC9-42E3-94AB-1CDB01D4838C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "56F90E1F-C0A0-4D6C-A497-9CC3AAF9ECB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE37A22-D39D-4B80-BD3B-31009824126B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1ECDC62-A636-4DB4-9C1B-B52722631DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FBE3268-230C-4B1A-B0D9-21B0158EE10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1297463-A52F-4657-A8D0-366B34C6534E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "926B2AE3-B65D-4A36-8B0D-4B0EB42D99A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "26E20654-F96C-4753-85F3-5D956F433D5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3795A39-8488-4F09-A7B5-600D4F8E7FD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0773CDA-CE18-4717-9C12-8CFD8848EEBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D874CE6A-1885-4EB7-B77E-3D22C208E55B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2CEE0F-EF29-4D41-8E74-0538CAF9D612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA87EC4-0CBB-4173-BA0B-DD633D271442",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6442C6D-E74B-47A0-9701-5461F651976F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F82E2804-9085-45AA-A97E-974CE652DF1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B5543E50-0B54-405B-A10A-06A08FF9E0C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD13DA8-00F5-43CE-BBAE-EB7DE0E46F8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E3DB206-074F-4533-B466-CB73883FA8AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F976949C-D8C6-4567-ADC4-E5C14D0D7C31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54B1037D-F4D1-4CD6-BBD7-6E72EB4A1620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF1F14EE-6B26-427D-8FFB-94EC042C0FBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2697AF-D5A6-470D-9031-8677BBB20EAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5680D2FE-5D9F-4DB6-9D5B-48A425CD7014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89B0CE60-ABE6-44BA-95BA-13977D244963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "085C1DEF-0B4B-4070-A665-1382AAD04BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "46F0397C-8B0C-49CD-BBB7-F9286EAFD8C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DCDD59E9-2CC7-459B-B6C9-9EEFB92FCBAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FDA27E-6933-4346-9DF3-BD0387192FD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1EDBC180-B618-49A3-824F-B4DDF119FD69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "25D37ADF-49A6-4EF6-9B69-5EC83DB54CB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E81B34B0-D451-4B33-8F81-36718998C857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1F47F9-4D3D-439A-BEE8-F270C9BA7B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87F7EA33-B49A-4283-8A00-9B629508143E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2633424C-ACB6-4AE0-AA25-CAE343C88359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE4D7F1-66CF-466E-8747-68AA3D23E03A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5683C1E-AEF4-40FF-9069-7391C0BEA343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C0EDB633-C4B8-4770-9B16-94F106C639A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2F2396D4-D367-4811-AD7C-8B8FEE42B008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "92A3FD84-9497-47B7-8B9C-15DEEF5267F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.9 IFIX003 y 7.6.0 en versiones anteriores a 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 en versiones anteriores a 7.5.0.9 IFIX003, 7.5.1 y 7.6.0 en versiones anteriores a 7.6.0.3 IFIX001 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros determinados productos permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-7448",
"lastModified": "2024-11-21T02:36:48.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-03-12T15:59:01.430",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974938"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974938"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-30 11:15
Modified
2024-11-21 02:07
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71F456DA-8995-43E2-91A0-B20B070F26A0",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:*:*:*:*:*:*:*:*",
"matchCriteriaId": "106F6572-D362-4040-A878-67B2ACCEA161",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:*:*:*:*:*:*:*:*",
"matchCriteriaId": "084AF336-B44B-4B4C-86AB-82197C9410D1",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF5E8225-885D-4FB8-9706-97D559DDF4CF",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:*:*:*:*:*:*:*:*",
"matchCriteriaId": "271DF14A-0466-4ACF-B4CE-A5AAC7E0F9A5",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F350C06-CF48-43FE-BDB3-1F1E31332E25",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A202F4B-6814-4F85-837C-1655D316ADC0",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_service_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "882C1071-A3C3-4CD6-905B-9D8E32A37120",
"versionEndIncluding": "6.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA6D104-64DA-47CE-A0CB-589C93A0B3DC",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A204032-17C7-4617-AB29-589903A2B9C3",
"versionEndIncluding": "6.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en IBM Maximo Asset Management 6.2 hasta 6.2.8, 6.x y 7.1 hasta 7.1.1.2 y 7.5 hasta 7.5.0.6; Maximo Asset Management 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk; y Maximo Asset Management 6.2 hasta 6.2.8, 7.1 hasta 7.1.1.2 y 7.2 para Tivoli Asset Management for IT y ciertos otros productos permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de entradas no especificadas en un fichero .jsp bajo webclient/utility/."
}
],
"id": "CVE-2014-3025",
"lastModified": "2024-11-21T02:07:20.857",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-30T11:15:33.380",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/59570"
},
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/59640"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-18 16:04
Modified
2024-11-21 01:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "397FB717-6568-4037-8D7F-D31CF18E0782",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "250FC595-3DB0-4860-9FF1-AC0215A9D3C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E052B5F4-34AD-46CE-836F-43FCD4B5B7BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "29A7E369-EBBD-4456-AE47-712CB273F40A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6562F50F-0566-4C82-AE66-36049B220C2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CEE1180-9EC7-4078-B90E-077489E4F586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF1F14EE-6B26-427D-8FFB-94EC042C0FBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC0184C-0593-4C37-AC63-5B09FD21B3B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "477D96BA-18FC-4B02-B0F7-276F93D9A25A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1F47F9-4D3D-439A-BEE8-F270C9BA7B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87F7EA33-B49A-4283-8A00-9B629508143E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting (XSS) en IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, y Maximo for Utilities 7.1.x a 7.1.1.12, 7.5 anteriores a 7.5.0.3 IFIX014, y 7.5.0.5 anteriores a IFIX003; SmartCloud Control Desk (SCCD) 7.5 anteriores a 7.5.0.3 IFIX014 y 7.5.0.5 anteriores a IFIX003; y Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, y Change y Configuration Management Database (CCMDB) 7.1.x a 7.1.1.12, 7.1.2, y 7.2.x a 7.2.1 permite a usuarios autenticados remotamente inyectar scripts web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-5402",
"lastModified": "2024-11-21T01:57:25.153",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-18T16:04:33.553",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660032"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/64333"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87298"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-03 05:59
Modified
2024-11-21 02:32
Severity ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX005 y 7.6.0 en versiones anteriores a 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 en versiones anteriores a 7.5.0.8 IFIX005, 7.5.1 y 7.6.0 en versiones anteriores a 7.6.0.2 IFIX002 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros ciertos productos permite a usuarios remotos autenticados eludir las restricciones de acceso previstas y llevar a cabo un inicio de sesi\u00f3n introduciendo una contrase\u00f1a caducada."
}
],
"id": "CVE-2015-5017",
"lastModified": "2024-11-21T02:32:11.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-03T05:59:03.897",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-11-08 22:59
Modified
2024-11-21 02:32
Severity ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C47DB9B3-C8CD-45E9-9F53-617354F3A339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors."
},
{
"lang": "es",
"value": "IBM M\u00e1ximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.9 FP009 y 7.6.0 en versiones anteriores a 7.6.0.2 IFIX001; M\u00e1ximo Asset Management 7.5.0 en versiones anteriores a 7.5.0.9 FP009, 7.5.1 y 7.6.0 en versiones anteriores a 7.6.0.2 IFIX001 para SmartCloud Control Desk; y M\u00e1ximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros ciertos productos tienen una cuenta de administrador por defecto, lo que hace m\u00e1s f\u00e1cil a usuarios remotos autenticados obtener acceso a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-4966",
"lastModified": "2024-11-21T02:32:07.137",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-08T22:59:13.077",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968191"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-30 11:15
Modified
2024-11-21 02:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71F456DA-8995-43E2-91A0-B20B070F26A0",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:*:*:*:*:*:*:*:*",
"matchCriteriaId": "106F6572-D362-4040-A878-67B2ACCEA161",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:*:*:*:*:*:*:*:*",
"matchCriteriaId": "084AF336-B44B-4B4C-86AB-82197C9410D1",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF5E8225-885D-4FB8-9706-97D559DDF4CF",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:*:*:*:*:*:*:*:*",
"matchCriteriaId": "271DF14A-0466-4ACF-B4CE-A5AAC7E0F9A5",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F350C06-CF48-43FE-BDB3-1F1E31332E25",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A202F4B-6814-4F85-837C-1655D316ADC0",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_service_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "882C1071-A3C3-4CD6-905B-9D8E32A37120",
"versionEndIncluding": "6.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA6D104-64DA-47CE-A0CB-589C93A0B3DC",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A204032-17C7-4617-AB29-589903A2B9C3",
"versionEndIncluding": "6.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en IBM Maximo Asset Management 6.2 hasta 6.2.8, 6.x y 7.1 hasta 7.1.1.2 y 7.5 hasta 7.5.0.6; Maximo Asset Management 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk; y Maximo Asset Management 6.2 hasta 6.2.8, 7.1 hasta 7.1.1.2 y 7.2 para Tivoli Asset Management for IT y ciertos otros productos permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de (1) el campo KPI display name o (2) un campo portlet."
}
],
"id": "CVE-2014-0915",
"lastModified": "2024-11-21T02:03:02.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-30T11:15:33.253",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/59570"
},
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/59640"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-04 02:59
Modified
2024-11-21 02:26
Severity ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21965080 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21965080 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX001 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x en versiones anteriores a 7.5.0.8 IFIX001 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros ciertos productos no tienen un atributo off autocomplete para el campo password, lo que facilita a atacantes remotos obtener acceso aprovechando una estaci\u00f3n de trabajo desatendida."
}
],
"evaluatorComment": "Per http://www-01.ibm.com/support/docview.wss?uid=swg21965080:\n\" This vulnerability could allow a local attacker to obtain account access.\"",
"id": "CVE-2015-1933",
"lastModified": "2024-11-21T02:26:25.960",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-04T02:59:00.097",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-27 17:29
Modified
2024-11-21 02:32
Severity ?
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21971160 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/106460 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21971160 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/106460 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7759191C-5D16-4937-BC80-5A47FE4F9DD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "33E903B1-43FE-4120-95E1-2108B630D49B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6282F8E2-9EFD-4CBE-8732-22659413B149",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management 7.1, 7.5 y 7.6; Maximo Asset Management Essentials 7.1 y 7.5; Control Desk 7.5 y 7.6; Tivoli Asset Management for IT 7.1 y 7.2; as\u00ed como otros productos de IBM permiten que usuarios autenticados remotos omitan las restricciones de acceso previstas y lean entradas del registro de tareas de tickets arbitrarias mediante vectores sin especificar. IBM X-Force ID: 106460."
}
],
"id": "CVE-2015-5016",
"lastModified": "2024-11-21T02:32:11.047",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-27T17:29:00.337",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-06 01:59
Modified
2024-11-21 02:32
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21963973 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21963973 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF2DAEE6-344E-471D-9508-BD4360B5EB6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "71A8F3D1-C72D-497C-8167-23A128B4AC6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC7C333-43F0-45D0-8E51-8041474FE3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4B254C76-DB68-4FED-9E5B-11B9B595418E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6AD95-18E5-48D9-A962-85854E98FD14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7549CF-96F8-4FB2-994E-17F49D946ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED3A0A74-83FB-4061-8232-4BAA9D901B75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX003 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x en versiones anteriores a 7.5.0.8 IFIX003 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros ciertos productos permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2015-4944",
"lastModified": "2024-11-21T02:32:04.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-10-06T01:59:09.313",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963973"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-27 05:59
Modified
2024-11-21 02:36
Severity ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "048BAB63-0A88-4E3D-998B-06EC7917DC78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "804A2AD3-94FB-4085-AE08-F7120EDDEFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D2659CCD-6D04-4479-BA93-B906DC200424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C47DB9B3-C8CD-45E9-9F53-617354F3A339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B028794E-5FA0-4E3D-AC4D-A2826DD6282C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "050D798F-F9CC-447B-94F4-81A893349695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "948B518D-129E-42E7-B07F-5E1CA5056DFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7038EBF6-E527-492B-A6A5-14F9A2F79BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7197C12C-5CD7-4F7D-8B38-F792FAABC1FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1EE096D4-40A8-4FD8-905C-3B13476BF748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1E369397-1BC9-42E3-94AB-1CDB01D4838C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.9 IFIX002 y 7.6.0 en versiones anteriores a 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 en versiones anteriores a 7.5.0.9 IFIX002, 7.5.1 y 7.6.0 en versiones anteriores a 7.6.0.3 IFIX001 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versi\u00f3n 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros ciertos productos permiten a usuarios locales obtener informaci\u00f3n sensible aprovechando privilegios administrativos y leyendo archivos de registro."
}
],
"id": "CVE-2015-7487",
"lastModified": "2024-11-21T02:36:51.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-27T05:59:01.260",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974537"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-02 21:59
Modified
2024-11-21 02:36
Severity ?
Summary
IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | maximo_asset_management | 7.5 | |
| ibm | maximo_asset_management | 7.6 | |
| ibm | maximo_asset_management_essentials | 7.5 | |
| ibm | maximo_for_government | 7.5 | |
| ibm | maximo_for_life_sciences | 7.5 | |
| ibm | maximo_for_life_sciences | 7.6 | |
| ibm | maximo_for_nuclear_power | 7.5 | |
| ibm | maximo_for_oil_and_gas | 7.5 | |
| ibm | maximo_for_transportation | 7.5 | |
| ibm | maximo_for_utilities | 7.5 | |
| ibm | smartcloud_control_desk | 7.5 | |
| ibm | smartcloud_control_desk | 7.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FC166C-B9B7-4DD9-B22E-174247578F16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.9 FP9 y 7.6 en versiones anteriores a 7.6.0.3 FP3 y Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.9 FP9, 7.5.1 y 7.6 en versiones anteriores a 7.6.0.3 FP3 para SmartCloud Control Desk permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de la API REST."
}
],
"id": "CVE-2015-7452",
"lastModified": "2024-11-21T02:36:48.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-02T21:59:16.927",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972463"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-18 17:15
Modified
2024-11-21 01:53
Severity ?
Summary
A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/62685 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240 | VDB Entry, Vendor Advisory | |
| cve@mitre.org | https://www.ibm.com/support/pages/node/235239 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/62685 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/235239 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "233B2CD5-98F7-4024-BC1E-38BC4D8BA6F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "095A16F3-FA2C-4D0D-BA04-597FB2FF03FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "235F85B1-345A-4CE2-9DBE-A03D49D14583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "450D430F-6E81-4DD5-9D64-3676B2D3C16C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C3749FF3-86DE-40CA-8A04-0987C47EA1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2EC5EC94-7A48-487E-BCCC-8B434E8735E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7E78E1CA-83D8-4497-AF4E-A017B778107A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2906AF03-C662-4EBF-A3A3-E79DE4831F08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3054179C-29D4-4098-816C-85A2CAE4103F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B97B731D-8002-43D8-BF43-B32B852D0BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5DC611AA-993B-4C91-9EF8-ACA3D3E11F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6476767B-52DD-4A29-A379-96BFE964CA4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDCDD396-CFB4-4AC9-A025-4E132FC333E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "01048E18-A71F-4AC7-971E-6CE772ACE81A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_service_desk:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D9DD16-F7C9-42E3-9E1D-36B4764C8503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "46711969-54C1-414A-B9F7-CCDCC4FFDA6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de escalada de privilegios en IBM Maximo Asset Management versiones 7.5, 7.1 y 6.2, cuando WebSeal con Autenticaci\u00f3n B\u00e1sica es usado, debido a un fallo al invalidar la sesi\u00f3n de autenticaci\u00f3n, lo que podr\u00eda permitir a un usuario malicioso obtener acceso no autorizado."
}
],
"id": "CVE-2013-3323",
"lastModified": "2024-11-21T01:53:23.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-18T17:15:12.597",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/62685"
},
{
"source": "cve@mitre.org",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/235239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/62685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/235239"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-24 06:59
Modified
2024-11-21 02:22
Severity ?
Summary
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21694974 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/97998 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21694974 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97998 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | change_and_configuration_management_database | 7.1 | |
| ibm | change_and_configuration_management_database | 7.2 | |
| ibm | maximo_asset_management | 7.1 | |
| ibm | maximo_asset_management | 7.1.1 | |
| ibm | maximo_asset_management | 7.1.1.1 | |
| ibm | maximo_asset_management | 7.1.1.2 | |
| ibm | maximo_asset_management | 7.1.1.5 | |
| ibm | maximo_asset_management | 7.1.1.6 | |
| ibm | maximo_asset_management | 7.1.1.7 | |
| ibm | maximo_asset_management | 7.1.1.8 | |
| ibm | maximo_asset_management_essentials | 7.1 | |
| ibm | maximo_for_government | 7.1 | |
| ibm | maximo_for_life_sciences | 7.1 | |
| ibm | maximo_for_nuclear_power | 7.1 | |
| ibm | maximo_for_oil_and_gas | 7.1 | |
| ibm | maximo_for_transportation | 7.1 | |
| ibm | maximo_for_utilities | 7.1 | |
| ibm | tivoli_asset_management_for_it | 7.1 | |
| ibm | tivoli_asset_management_for_it | 7.2 | |
| ibm | tivoli_service_request_manager | 7.1 | |
| ibm | tivoli_service_request_manager | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors."
},
{
"lang": "es",
"value": "IBM Tivoli IT Asset Management para IT, Tivoli Service Request Manager, y Change y Configuration Management Database 7.1 en versiones hasta 7.1.1.8 y 7.2 y Maximo Asset Management y Maximo Industry Solutions 7.1 en versiones hasta 7.1.1.8, 7.5 en versiones anteriores a 7.5.0.7 IFIX003, y 7.6 en versiones anteriores a 7.6.0.0 IFIX002 permite a los usuarios autenticados remotos realizar ataques de desplazamiento de directorios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-0107",
"lastModified": "2024-11-21T02:22:22.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-24T06:59:00.413",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97998"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2015-7395
Vulnerability from cvelistv5
Published
2015-11-08 02:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21969072 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:27.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969072"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-11-08T02:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969072"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21969072",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969072"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-7395",
"datePublished": "2015-11-08T02:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:27.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5051
Vulnerability from cvelistv5
Published
2016-01-03 02:00
Modified
2024-08-06 06:32
Severity ?
EPSS score ?
Summary
IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21970797 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:32.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970797"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-03T04:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970797"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-5051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21970797",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970797"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-5051",
"datePublished": "2016-01-03T02:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:32.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7487
Vulnerability from cvelistv5
Published
2016-01-27 02:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21974537 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974537"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-27T04:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974537"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21974537",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974537"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-7487",
"datePublished": "2016-01-27T02:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:28.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6194
Vulnerability from cvelistv5
Published
2015-02-17 01:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/98605 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21694035 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:12.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-maximo-cve20146194-dir-traversal(98605)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98605"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694035"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-maximo-cve20146194-dir-traversal(98605)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98605"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694035"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-maximo-cve20146194-dir-traversal(98605)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98605"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694035",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694035"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6194",
"datePublished": "2015-02-17T01:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:10:12.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3323
Vulnerability from cvelistv5
Published
2020-02-18 16:03
Modified
2024-08-06 16:07
Severity ?
EPSS score ?
Summary
A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/62685 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240 | x_refsource_MISC | |
| https://www.ibm.com/support/pages/node/235239 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:07:37.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62685"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/235239"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-18T16:03:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/62685"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/235239"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/62685",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/62685"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240"
},
{
"name": "https://www.ibm.com/support/pages/node/235239",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/pages/node/235239"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3323",
"datePublished": "2020-02-18T16:03:12",
"dateReserved": "2013-05-06T00:00:00",
"dateUpdated": "2024-08-06T16:07:37.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0915
Vulnerability from cvelistv5
Published
2014-07-30 10:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21678894 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/59640 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securityfocus.com/archive/1/533110/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/59570 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/91884 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
},
{
"name": "59640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59640"
},
{
"name": "IV56680",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
},
{
"name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"name": "59570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59570"
},
{
"name": "ibm-maximo-cve20140915-xss(91884)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
},
{
"name": "59640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59640"
},
{
"name": "IV56680",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
},
{
"name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"name": "59570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59570"
},
{
"name": "ibm-maximo-cve20140915-xss(91884)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
},
{
"name": "59640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59640"
},
{
"name": "IV56680",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
},
{
"name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"name": "59570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59570"
},
{
"name": "ibm-maximo-cve20140915-xss(91884)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0915",
"datePublished": "2014-07-30T10:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0109
Vulnerability from cvelistv5
Published
2015-02-18 02:00
Modified
2024-08-06 03:55
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0108.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/99606 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21694974 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:55:28.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-tsam-cve20150109-xss(99606)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99606"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0108."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-tsam-cve20150109-xss(99606)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99606"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0108."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tsam-cve20150109-xss(99606)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99606"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-0109",
"datePublished": "2015-02-18T02:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T03:55:28.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5902
Vulnerability from cvelistv5
Published
2017-02-08 22:00
Modified
2024-08-06 01:15
Severity ?
EPSS score ?
Summary
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg21988252 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/92535 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | IBM Maximo Asset Management 6.2, 7.1, 7.5, 7.5.0.0, 7.5.0.10, 7.1.0.0, 6.2.0.0, 7.2, 7.1.1, 7.1.2, 7.2.1, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 7.1.1.1, 7.1.1.10, 7.1.1.11, 7.1.1.12, 7.1.1.2, 7.1.1.5, 7.1.1.6, 7.1.1.7, 7.1.1.8, 7.1.1.9, 7.5.0.1, 7.5.0.2, 7.5.0.3, 7.5.0.4, 7.5.0.5, 7.6, 7.5.0, 7.6.0 |
Version: IBM Maximo Asset Management 6.2, 7.1, 7.5, 7.5.0.0, 7.5.0.10, 7.1.0.0, 6.2.0.0, 7.2, 7.1.1, 7.1.2, 7.2.1, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 7.1.1.1, 7.1.1.10, 7.1.1.11, 7.1.1.12, 7..10 Version: 7.1.0.0 Version: 6.2.0.0 Version: 7.2 Version: 7.1.1 Version: 7.1.2 Version: 7.2.1 Version: 6.2.1 Version: 6.2.2 Version: 6.2.3 Version: 6.2.4 Version: 6.2.5 Version: 6.2.6 Version: 6.2.7 Version: 6.2.8 Version: 7.1.1.1 Version: 7.1.1.10 Version: 7.1.1.11 Version: 7.1.1.12 Version: 7.1.1.2 Version: 7.1.1.5 Version: 7.1.1.6 Version: 7.1.1.7 Version: 7.1.1.8 Version: 7.1.1.9 Version: 7.5.0.1 Version: 7.5.0.2 Version: 7.5.0.3 Version: 7.5.0.4 Version: 7.5.0.5 Version: 7.6 Version: 7.5.0 Version: 7.6.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:10.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21988252"
},
{
"name": "92535",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92535"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IBM Maximo Asset Management 6.2, 7.1, 7.5, 7.5.0.0, 7.5.0.10, 7.1.0.0, 6.2.0.0, 7.2, 7.1.1, 7.1.2, 7.2.1, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 7.1.1.1, 7.1.1.10, 7.1.1.11, 7.1.1.12, 7.1.1.2, 7.1.1.5, 7.1.1.6, 7.1.1.7, 7.1.1.8, 7.1.1.9, 7.5.0.1, 7.5.0.2, 7.5.0.3, 7.5.0.4, 7.5.0.5, 7.6, 7.5.0, 7.6.0",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "IBM Maximo Asset Management 6.2, 7.1, 7.5, 7.5.0.0, 7.5.0.10, 7.1.0.0, 6.2.0.0, 7.2, 7.1.1, 7.1.2, 7.2.1, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 7.1.1.1, 7.1.1.10, 7.1.1.11, 7.1.1.12, 7..10"
},
{
"status": "affected",
"version": "7.1.0.0"
},
{
"status": "affected",
"version": "6.2.0.0"
},
{
"status": "affected",
"version": "7.2"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.2.4"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "6.2.6"
},
{
"status": "affected",
"version": "6.2.7"
},
{
"status": "affected",
"version": "6.2.8"
},
{
"status": "affected",
"version": "7.1.1.1"
},
{
"status": "affected",
"version": "7.1.1.10"
},
{
"status": "affected",
"version": "7.1.1.11"
},
{
"status": "affected",
"version": "7.1.1.12"
},
{
"status": "affected",
"version": "7.1.1.2"
},
{
"status": "affected",
"version": "7.1.1.5"
},
{
"status": "affected",
"version": "7.1.1.6"
},
{
"status": "affected",
"version": "7.1.1.7"
},
{
"status": "affected",
"version": "7.1.1.8"
},
{
"status": "affected",
"version": "7.1.1.9"
},
{
"status": "affected",
"version": "7.5.0.1"
},
{
"status": "affected",
"version": "7.5.0.2"
},
{
"status": "affected",
"version": "7.5.0.3"
},
{
"status": "affected",
"version": "7.5.0.4"
},
{
"status": "affected",
"version": "7.5.0.5"
},
{
"status": "affected",
"version": "7.6"
},
{
"status": "affected",
"version": "7.5.0"
},
{
"status": "affected",
"version": "7.6.0"
}
]
}
],
"datePublic": "2016-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-09T10:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21988252"
},
{
"name": "92535",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92535"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-5902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IBM Maximo Asset Management 6.2, 7.1, 7.5, 7.5.0.0, 7.5.0.10, 7.1.0.0, 6.2.0.0, 7.2, 7.1.1, 7.1.2, 7.2.1, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 7.1.1.1, 7.1.1.10, 7.1.1.11, 7.1.1.12, 7.1.1.2, 7.1.1.5, 7.1.1.6, 7.1.1.7, 7.1.1.8, 7.1.1.9, 7.5.0.1, 7.5.0.2, 7.5.0.3, 7.5.0.4, 7.5.0.5, 7.6, 7.5.0, 7.6.0",
"version": {
"version_data": [
{
"version_value": "IBM Maximo Asset Management 6.2, 7.1, 7.5, 7.5.0.0, 7.5.0.10, 7.1.0.0, 6.2.0.0, 7.2, 7.1.1, 7.1.2, 7.2.1, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 7.1.1.1, 7.1.1.10, 7.1.1.11, 7.1.1.12, 7..10"
},
{
"version_value": "7.1.0.0"
},
{
"version_value": "6.2.0.0"
},
{
"version_value": "7.2"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.1.2"
},
{
"version_value": "7.2.1"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.2.2"
},
{
"version_value": "6.2.3"
},
{
"version_value": "6.2.4"
},
{
"version_value": "6.2.5"
},
{
"version_value": "6.2.6"
},
{
"version_value": "6.2.7"
},
{
"version_value": "6.2.8"
},
{
"version_value": "7.1.1.1"
},
{
"version_value": "7.1.1.10"
},
{
"version_value": "7.1.1.11"
},
{
"version_value": "7.1.1.12"
},
{
"version_value": "7.1.1.2"
},
{
"version_value": "7.1.1.5"
},
{
"version_value": "7.1.1.6"
},
{
"version_value": "7.1.1.7"
},
{
"version_value": "7.1.1.8"
},
{
"version_value": "7.1.1.9"
},
{
"version_value": "7.5.0.1"
},
{
"version_value": "7.5.0.2"
},
{
"version_value": "7.5.0.3"
},
{
"version_value": "7.5.0.4"
},
{
"version_value": "7.5.0.5"
},
{
"version_value": "7.6"
},
{
"version_value": "7.5.0"
},
{
"version_value": "7.6.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21988252",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21988252"
},
{
"name": "92535",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92535"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-5902",
"datePublished": "2017-02-08T22:00:00",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-08-06T01:15:10.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6102
Vulnerability from cvelistv5
Published
2015-02-17 01:00
Modified
2024-08-06 12:03
Severity ?
EPSS score ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21695597 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/96141 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597"
},
{
"name": "ibm-maximo-cve20146102-sec-bypass(96141)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597"
},
{
"name": "ibm-maximo-cve20146102-sec-bypass(96141)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695597"
},
{
"name": "ibm-maximo-cve20146102-sec-bypass(96141)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96141"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6102",
"datePublished": "2015-02-17T01:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1933
Vulnerability from cvelistv5
Published
2015-10-04 01:00
Modified
2024-08-06 05:02
Severity ?
EPSS score ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21965080 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:41.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-04T02:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965080"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1933",
"datePublished": "2015-10-04T01:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:41.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4966
Vulnerability from cvelistv5
Published
2015-11-08 22:00
Modified
2024-08-06 06:32
Severity ?
EPSS score ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21968191 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:31.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968191"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-11-08T21:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968191"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-4966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21968191",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968191"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-4966",
"datePublished": "2015-11-08T22:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:31.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0108
Vulnerability from cvelistv5
Published
2015-02-18 02:00
Modified
2024-08-06 03:55
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/99605 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21694974 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:55:28.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-tsam-cve20150108-xss(99605)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99605"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-tsam-cve20150108-xss(99605)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99605"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tsam-cve20150108-xss(99605)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99605"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-0108",
"datePublished": "2015-02-18T02:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T03:55:28.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7448
Vulnerability from cvelistv5
Published
2016-03-12 15:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21974938 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:27.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974938"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-03-12T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974938"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21974938",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974938"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-7448",
"datePublished": "2016-03-12T15:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:27.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0914
Vulnerability from cvelistv5
Published
2014-07-30 10:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/68839 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/59640 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/533110/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21678885 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679 | vendor-advisory, x_refsource_AIXAPAR | |
| http://secunia.com/advisories/59570 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/91883 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68839",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68839"
},
{
"name": "59640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59640"
},
{
"name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885"
},
{
"name": "IV56679",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679"
},
{
"name": "59570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59570"
},
{
"name": "ibm-maximo-cve20140914-xss(91883)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "68839",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68839"
},
{
"name": "59640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59640"
},
{
"name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885"
},
{
"name": "IV56679",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679"
},
{
"name": "59570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59570"
},
{
"name": "ibm-maximo-cve20140914-xss(91883)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68839"
},
{
"name": "59640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59640"
},
{
"name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885"
},
{
"name": "IV56679",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679"
},
{
"name": "59570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59570"
},
{
"name": "ibm-maximo-cve20140914-xss(91883)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0914",
"datePublished": "2014-07-30T10:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5402
Vulnerability from cvelistv5
Published
2013-12-18 11:00
Modified
2024-08-06 17:06
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/64333 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/87298 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21660032 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64333",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64333"
},
{
"name": "ibm-maximo-cve20135402-xss(87298)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87298"
},
{
"name": "IV49268",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660032"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "64333",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64333"
},
{
"name": "ibm-maximo-cve20135402-xss(87298)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87298"
},
{
"name": "IV49268",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660032"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-5402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64333",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64333"
},
{
"name": "ibm-maximo-cve20135402-xss(87298)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87298"
},
{
"name": "IV49268",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660032",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660032"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-5402",
"datePublished": "2013-12-18T11:00:00",
"dateReserved": "2013-08-22T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3025
Vulnerability from cvelistv5
Published
2014-07-30 10:00
Modified
2024-08-06 10:28
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21678754 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/59640 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/93064 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/59570 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
},
{
"name": "59640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59640"
},
{
"name": "ibm-maximo-cve20143025-xss(93064)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
},
{
"name": "59570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59570"
},
{
"name": "IV57241",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
},
{
"name": "59640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59640"
},
{
"name": "ibm-maximo-cve20143025-xss(93064)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
},
{
"name": "59570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59570"
},
{
"name": "IV57241",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
},
{
"name": "59640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59640"
},
{
"name": "ibm-maximo-cve20143025-xss(93064)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
},
{
"name": "59570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59570"
},
{
"name": "IV57241",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-3025",
"datePublished": "2014-07-30T10:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:28:46.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4765
Vulnerability from cvelistv5
Published
2014-10-02 00:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21685289 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/94757 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289"
},
{
"name": "ibm-maximo-cve20144765-error-message(94757)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289"
},
{
"name": "ibm-maximo-cve20144765-error-message(94757)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94757"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289"
},
{
"name": "ibm-maximo-cve20144765-error-message(94757)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94757"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-4765",
"datePublished": "2014-10-02T00:00:00",
"dateReserved": "2014-07-09T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7452
Vulnerability from cvelistv5
Published
2016-01-02 21:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21972463 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:27.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972463"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-02T21:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972463"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21972463",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972463"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-7452",
"datePublished": "2016-01-02T21:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:27.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1934
Vulnerability from cvelistv5
Published
2015-10-04 01:00
Modified
2024-08-06 05:02
Severity ?
EPSS score ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21964855 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:02:41.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-04T02:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964855"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-1934",
"datePublished": "2015-10-04T01:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T05:02:41.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4944
Vulnerability from cvelistv5
Published
2015-10-05 10:00
Modified
2024-08-06 06:32
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21963973 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:31.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963973"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-05T02:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963973"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-4944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21963973",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963973"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-4944",
"datePublished": "2015-10-05T10:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:31.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7396
Vulnerability from cvelistv5
Published
2016-01-02 21:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21970799 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:27.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970799"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-02T21:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970799"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21970799",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970799"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-7396",
"datePublished": "2016-01-02T21:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:27.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0107
Vulnerability from cvelistv5
Published
2017-04-24 06:12
Modified
2024-08-06 03:55
Severity ?
EPSS score ?
Summary
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/97998 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21694974 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:55:28.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97998",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97998"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-26T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "97998",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97998"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97998",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97998"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-0107",
"datePublished": "2017-04-24T06:12:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T03:55:28.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0104
Vulnerability from cvelistv5
Published
2017-04-24 06:12
Modified
2024-08-06 03:55
Severity ?
EPSS score ?
Summary
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/97999 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21694974 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:55:28.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97999",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97999"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-26T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "97999",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97999"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97999",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97999"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694974"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-0104",
"datePublished": "2017-04-24T06:12:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T03:55:28.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5017
Vulnerability from cvelistv5
Published
2016-01-03 02:00
Modified
2024-08-06 06:32
Severity ?
EPSS score ?
Summary
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21969052 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:32.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-03T05:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-5017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969052"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-5017",
"datePublished": "2016-01-03T02:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:32.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-0222
Vulnerability from cvelistv5
Published
2016-03-14 01:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21976949 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:13.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976949"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-03-14T01:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976949"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21976949",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976949"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0222",
"datePublished": "2016-03-14T01:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:08:13.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4965
Vulnerability from cvelistv5
Published
2015-10-05 10:00
Modified
2024-08-06 06:32
Severity ?
EPSS score ?
Summary
maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21966194 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:31.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966194"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-05T02:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966194"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-4965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug application file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21966194",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966194"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-4965",
"datePublished": "2015-10-05T10:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:31.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7451
Vulnerability from cvelistv5
Published
2016-01-02 02:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21972423 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:27.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-02T04:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972423"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-7451",
"datePublished": "2016-01-02T02:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:27.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4967
Vulnerability from cvelistv5
Published
2015-10-05 10:00
Modified
2024-08-06 06:32
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21966181 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:32.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966181"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-05T02:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966181"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-4967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21966181",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966181"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-4967",
"datePublished": "2015-10-05T10:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:32.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5016
Vulnerability from cvelistv5
Published
2018-03-27 17:00
Modified
2024-08-06 06:32
Severity ?
EPSS score ?
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/106460 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21971160 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:31.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-maximo-cve20155016-info-disc(106460)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-27T16:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-maximo-cve20155016-info-disc(106460)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-5016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-maximo-cve20155016-info-disc(106460)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-5016",
"datePublished": "2018-03-27T17:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:31.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}