CVE-2012-3328

Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 7.1 IBM Maximo Asset Management Essentials version 7.1 Tivoli Asset Management for IT versions 7.1 through 7.2 Tivoli Service Request Manager versions 7.1 through 7.2 Change and Configuration Management Database (CCMDB) versions 7.1 through 7.2

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden frame footer.

Recommendations For IBM Maximo Asset Management version 7.1, update to a version that includes the fix for this issue. For IBM Maximo Asset Management Essentials version 7.1, update to a version that includes the fix for this issue. For Tivoli Asset Management for IT versions 7.1 through 7.2, update to a version that includes the fix for this issue. For Tivoli Service Request Manager versions 7.1 through 7.2, update to a version that includes the fix for this issue. For Change and Configuration Management Database (CCMDB) versions 7.1 through 7.2, update to a version that includes the fix for this issue.