CVE-2012-0195

Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 6.2, 7.1, 7.5 IBM Tivoli Asset Management for IT versions 6.2, 7.1, 7.2 IBM Tivoli Service Request Manager versions 7.1, 7.2 IBM Maximo Service Desk version 6.2 IBM Tivoli Change and Configuration Management Database (CCMDB) versions 6.2, 7.1, 7.2

Description A cross-site scripting (XSS) issue exists in the Start Center Layout and Configuration component, allowing remote attackers to inject arbitrary web script or HTML via the display name. This could potentially lead to unauthorized actions on the affected system.

Recommendations For IBM Maximo Asset Management versions 6.2, 7.1, 7.5, update to a version that includes the fix for this issue. For IBM Tivoli Asset Management for IT versions 6.2, 7.1, 7.2, update to a version that includes the fix for this issue. For IBM Tivoli Service Request Manager versions 7.1, 7.2, update to a version that includes the fix for this issue. For IBM Maximo Service Desk version 6.2, update to a version that includes the fix for this issue. For IBM Tivoli Change and Configuration Management Database (CCMDB) versions 6.2, 7.1, 7.2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Start Center Layout and Configuration component to minimize the risk of exploitation.