CVE-2012-0195

IBM Maximo Asset Management - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name.

References (6)

[Various Sources] http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198

[Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg21584666

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/52333

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/72612

[Third Party Advisory] http://secunia.com/advisories/48299

[Third Party Advisory] http://secunia.com/advisories/48305

Scores

EPSS 0.0048

EPSS Percentile 64.7%

Classification

CWE

CWE-79

Status published

Affected Products (16)

ibm/maximo_asset_management

ibm/maximo_asset_management

ibm/maximo_asset_management

ibm/maximo_asset_management_essentials

ibm/maximo_asset_management_essentials

ibm/maximo_asset_management_essentials

ibm/tivoli_asset_management_for_it

ibm/tivoli_asset_management_for_it

ibm/tivoli_asset_management_for_it

ibm/trivoli_service_request_manager

ibm/trivoli_service_request_manager

ibm/maximo_service_desk

ibm/tivoli_change_and_configuration_management_database

ibm/tivoli_change_and_configuration_management_database

ibm/tivoli_change_and_configuration_management_database

... and 1 more

Timeline

Published Mar 13, 2012

Tracked Since Feb 18, 2026