CVE-2014-0915

Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 6.2 through 6.2.8 IBM Maximo Asset Management versions 7.1 through 7.1.1.2 IBM Maximo Asset Management versions 7.5 through 7.5.0.6 IBM Maximo Asset Management for SmartCloud Control Desk versions 7.5 through 7.5.0.3 IBM Maximo Asset Management for SmartCloud Control Desk versions 7.5.1 through 7.5.1.2 IBM Tivoli Asset Management for IT versions 6.2 through 6.2.8 IBM Tivoli Asset Management for IT versions 7.1 through 7.1.1.2 IBM Tivoli Asset Management for IT version 7.2

Description The issue allows remote authenticated users to inject arbitrary web script or HTML via the KPI display name field or a portlet field, which can lead to cross-site scripting (XSS) attacks.

Recommendations For IBM Maximo Asset Management versions 6.2 through 6.2.8, update to a version outside of this range to mitigate the risk. For IBM Maximo Asset Management versions 7.1 through 7.1.1.2, update to a version outside of this range to mitigate the risk. For IBM Maximo Asset Management versions 7.5 through 7.5.0.6, update to a version outside of this range to mitigate the risk. For IBM Maximo Asset Management for SmartCloud Control Desk versions 7.5 through 7.5.0.3, update to a version outside of this range to mitigate the risk. For IBM Maximo Asset Management for SmartCloud Control Desk versions 7.5.1 through 7.5.1.2, update to a version outside of this range to mitigate the risk. For IBM Tivoli Asset Management for IT versions 6.2 through 6.2.8, update to a version outside of this range to mitigate the risk. For IBM Tivoli Asset Management for IT versions 7.1 through 7.1.1.2, update to a version outside of this range to mitigate the risk. For IBM Tivoli Asset Management for IT version 7.2, update to a version outside of this range to mitigate the risk.