CVE-2013-5402

Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 7.1.x through 7.1.1.12 IBM Maximo Asset Management versions 7.1.2 IBM Maximo Asset Management versions 7.5 before 7.5.0.3 IFIX014 IBM Maximo Asset Management versions 7.5.0.5 before IFIX003 SmartCloud Control Desk (SCCD) versions 7.5 before 7.5.0.3 IFIX014 SmartCloud Control Desk (SCCD) versions 7.5.0.5 before IFIX003 Tivoli Asset Management for IT versions 7.1.x through 7.1.1.12 Tivoli Asset Management for IT versions 7.1.2 Tivoli Asset Management for IT versions 7.2.x through 7.2.1 Tivoli Service Request Manager versions 7.1.x through 7.1.1.12 Tivoli Service Request Manager versions 7.1.2 Tivoli Service Request Manager versions 7.2.x through 7.2.1 Maximo Service Desk versions 7.1.x through 7.1.1.12 Maximo Service Desk versions 7.1.2 Maximo Service Desk versions 7.2.x through 7.2.1 Change and Configuration Management Database (CCMDB) versions 7.1.x through 7.1.1.12 Change and Configuration Management Database (CCMDB) versions 7.1.2 Change and Configuration Management Database (CCMDB) versions 7.2.x through 7.2.1

Description A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. This affects various IBM products, including Maximo Asset Management, SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database.

Recommendations For IBM Maximo Asset Management versions 7.1.x through 7.1.1.12, apply the fix provided in 7.5.0.3 IFIX014 or later. For IBM Maximo Asset Management versions 7.1.2, apply the fix provided in 7.5.0.3 IFIX014 or later. For IBM Maximo Asset Management versions 7.5 before 7.5.0.3 IFIX014, apply the fix provided in 7.5.0.3 IFIX014 or later. For IBM Maximo Asset Management versions 7.5.0.5 before IFIX003, apply the fix provided in IFIX003 or later. For SmartCloud Control Desk (SCCD) versions 7.5 before 7.5.0.3 IFIX014, apply the fix provided in 7.5.0.3 IFIX014 or later. For SmartCloud Control Desk (SCCD) versions 7.5.0.5 before IFIX003, apply the fix provided in IFIX003 or later. For Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database versions 7.1.x through 7.1.1.12, apply the fix provided in 7.5.0.3 IFIX014 or later. For Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database versions 7.1.2, apply the fix provided in 7.5.0.3 IFIX014 or later. For Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database versions 7.2.x through 7.2.1, apply the fix provided in 7.5.0.3 IFIX014 or later.