CVE-2015-4944

Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 7.1 through 7.1.1.13 IBM Maximo Asset Management versions 7.5.0 before 7.5.0.8 IFIX003 IBM Maximo Asset Management versions 7.6.0 before 7.6.0.1 IFIX001 IBM Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 for SmartCloud Control Desk IBM Maximo Asset Management 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk IBM Maximo Asset Management versions 7.1 through 7.1.1.13 for Tivoli IT Asset Management for IT IBM Maximo Asset Management version 7.2 for Tivoli IT Asset Management for IT

Description A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. This can be exploited by injecting malicious code into a website, potentially leading to unauthorized access or control.

Recommendations For IBM Maximo Asset Management versions 7.1 through 7.1.1.13, update to a version after 7.1.1.13. For IBM Maximo Asset Management versions 7.5.0 before 7.5.0.8 IFIX003, apply IFIX003 or update to a version after 7.5.0.8 IFIX003. For IBM Maximo Asset Management versions 7.6.0 before 7.6.0.1 IFIX001, apply IFIX001 or update to a version after 7.6.0.1 IFIX001. For IBM Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 for SmartCloud Control Desk, apply IFIX003 or update to a version after 7.5.0.8 IFIX003. For IBM Maximo Asset Management 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk, apply IFIX001 or update to a version after 7.6.0.1 IFIX001. For IBM Maximo Asset Management versions 7.1 through 7.1.1.13 for Tivoli IT Asset Management for IT, update to a version after 7.1.1.13. For IBM Maximo Asset Management version 7.2 for Tivoli IT Asset Management for IT, update to a version after 7.2.