CVE-2008-3161

Name of the Vulnerable Software and Affected Versions: IBM Maximo versions 4.1 through 5.2

Description: The issue allows remote attackers to inject arbitrary web script or HTML via certain HTTP headers, including Accept, Accept-Language, UA-CPU, Accept-Encoding, User-Agent, or Cookie.

Recommendations: For IBM Maximo versions 4.1 through 5.2, consider restricting access to the jsp/common/system/debug.jsp page until a fix is available. As a temporary workaround, avoid using the vulnerable HTTP headers in requests to the affected page. At the moment, there is no information about a newer version that contains a fix for this issue.