CVE-2012-3316

Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 6.2 through 7.5 IBM Maximo Asset Management Essentials versions 6.2 through 7.5 Tivoli Asset Management for IT versions 6.2 through 7.2 Tivoli Service Request Manager versions 7.1 and 7.2 Maximo Service Desk version 6.2 Change and Configuration Management Database (CCMDB) versions 7.1 and 7.2 SmartCloud Control Desk version 7.5

Description A cross-site scripting (XSS) issue exists in the Tivoli Process Automation Engine (TPAE) component, allowing remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Recommendations For IBM Maximo Asset Management versions 6.2 through 7.5, update to a version that includes the fix for this issue. For IBM Maximo Asset Management Essentials versions 6.2 through 7.5, update to a version that includes the fix for this issue. For Tivoli Asset Management for IT versions 6.2 through 7.2, update to a version that includes the fix for this issue. For Tivoli Service Request Manager versions 7.1 and 7.2, update to a version that includes the fix for this issue. For Maximo Service Desk version 6.2, update to a version that includes the fix for this issue. For Change and Configuration Management Database (CCMDB) versions 7.1 and 7.2, update to a version that includes the fix for this issue. For SmartCloud Control Desk version 7.5, update to a version that includes the fix for this issue.