PT-2014-3869 · Ibm · Tivoli Asset Management For It+4

Publicado

2014-05-26

·

Atualizado

2017-08-29

·

CVE-2014-0824

CVSS v2.0

3.5

Baixa

VetorAV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 7.0 through 7.1.1.7 IBM Maximo Asset Management version 7.1.1.12 before IFIX.20140321-1336 Tivoli IT Asset Management for IT versions 7.0 through 7.1.1.7 Tivoli IT Asset Management for IT version 7.1.1.12 before IFIX.20140218-1510 Tivoli Service Request Manager versions 7.0 through 7.1.1.7 Tivoli Service Request Manager version 7.1.1.12 before IFIX.20140218-1510 Maximo Service Desk versions 7.0 through 7.1.1.7 Maximo Service Desk version 7.1.1.12 before IFIX.20140218-1510 Change and Configuration Management Database (CCMDB) versions 7.0 through 7.1.1.7 Change and Configuration Management Database (CCMDB) version 7.1.1.12 before IFIX.20140218-1510
Description A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL.
Recommendations For IBM Maximo Asset Management versions 7.0 through 7.1.1.7, update to version 7.1.1.8 LAFIX.20140319-0839 or later. For IBM Maximo Asset Management version 7.1.1.12 before IFIX.20140321-1336, apply IFIX.20140321-1336 or later. For Tivoli IT Asset Management for IT versions 7.0 through 7.1.1.7, update to version 7.1.1.8 LAFIX.20140319-0839 or later. For Tivoli IT Asset Management for IT version 7.1.1.12 before IFIX.20140218-1510, apply IFIX.20140218-1510 or later. For Tivoli Service Request Manager versions 7.0 through 7.1.1.7, update to version 7.1.1.8 LAFIX.20140319-0839 or later. For Tivoli Service Request Manager version 7.1.1.12 before IFIX.20140218-1510, apply IFIX.20140218-1510 or later. For Maximo Service Desk versions 7.0 through 7.1.1.7, update to version 7.1.1.8 LAFIX.20140319-0839 or later. For Maximo Service Desk version 7.1.1.12 before IFIX.20140218-1510, apply IFIX.20140218-1510 or later. For Change and Configuration Management Database (CCMDB) versions 7.0 through 7.1.1.7, update to version 7.1.1.8 LAFIX.20140319-0839 or later. For Change and Configuration Management Database (CCMDB) version 7.1.1.12 before IFIX.20140218-1510, apply IFIX.20140218-1510 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2014-0824

Produtos afetados

Change/Configuration Management Database
Ibm Maximo Asset Management
Maximo Service Desk
Tivoli Asset Management For It
Tivoli Service Request Manager