CVE-2012-3322

Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 6.2 through 7.5 IBM Maximo Asset Management Essentials versions 6.2 through 7.5 IBM Tivoli Asset Management for IT versions 6.2 through 7.2 IBM Tivoli Service Request Manager versions 7.1 and 7.2 IBM Maximo Service Desk version 6.2 IBM Change and Configuration Management Database (CCMDB) versions 7.1 and 7.2 IBM SmartCloud Control Desk version 7.5

Description A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name.

Recommendations For IBM Maximo Asset Management versions 6.2 through 7.5, update to a version that includes the fix for this issue. For IBM Maximo Asset Management Essentials versions 6.2 through 7.5, update to a version that includes the fix for this issue. For IBM Tivoli Asset Management for IT versions 6.2 through 7.2, update to a version that includes the fix for this issue. For IBM Tivoli Service Request Manager versions 7.1 and 7.2, update to a version that includes the fix for this issue. For IBM Maximo Service Desk version 6.2, update to a version that includes the fix for this issue. For IBM Change and Configuration Management Database (CCMDB) versions 7.1 and 7.2, update to a version that includes the fix for this issue. For IBM SmartCloud Control Desk version 7.5, update to a version that includes the fix for this issue.