CVE-2011-1395

Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management and Asset Management Essentials versions 6.2, 7.1, and 7.5

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the controlid parameter in the imicon.jsp file.

Recommendations For versions 6.2, 7.1, and 7.5, avoid using the controlid parameter in the imicon.jsp file until a fix is available. As a temporary workaround, consider restricting access to the imicon.jsp file to minimize the risk of exploitation.