CVE-2016-0262

Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 7.1.1 through 7.1.1.3 IBM Maximo Asset Management versions 7.5.0 through 7.5.0 before 7.5.0.9 IFIX004 IBM Maximo Asset Management versions 7.6.0 through 7.6.0 before 7.6.0.3 IFIX001

Description The issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, potentially due to insufficient protection of the web page structure. This could enable a remote attacker to embed arbitrary web or HTML code.

Recommendations For versions 7.1.1 through 7.1.1.3, update to a version outside of this range to mitigate the risk. For versions 7.5.0 through 7.5.0 before 7.5.0.9 IFIX004, apply IFIX004 or later to resolve the issue. For versions 7.6.0 through 7.6.0 before 7.6.0.3 IFIX001, apply IFIX001 or later to resolve the issue.