CVE-2011-4819

IBM Maximo Asset Management - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/.

References (5)

[Various Sources] http://www-01.ibm.com/support/docview.wss?uid=swg1IV09202

[Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg21584666

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/52333

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/72008

[Third Party Advisory] http://secunia.com/advisories/48299

Scores

EPSS 0.0029

EPSS Percentile 52.5%

Classification

CWE

CWE-79

Status published

Affected Products (7)

ibm/maximo_asset_management

ibm/maximo_asset_management

ibm/maximo_asset_management

ibm/maximo_asset_management_essentials

ibm/maximo_asset_management_essentials

ibm/maximo_asset_management_essentials

n/a/n/a

Timeline

Published Mar 13, 2012

Tracked Since Feb 18, 2026