PT-2014-3869 · Ibm · Tivoli Asset Management For It+4

Published

2014-05-26

·

Updated

2017-08-29

·

CVE-2014-0824

CVSS v2.0

3.5

Low

VectorAV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 7.0 through 7.1.1.7 IBM Maximo Asset Management version 7.1.1.12 before IFIX.20140321-1336 Tivoli IT Asset Management for IT versions 7.0 through 7.1.1.7 Tivoli IT Asset Management for IT version 7.1.1.12 before IFIX.20140218-1510 Tivoli Service Request Manager versions 7.0 through 7.1.1.7 Tivoli Service Request Manager version 7.1.1.12 before IFIX.20140218-1510 Maximo Service Desk versions 7.0 through 7.1.1.7 Maximo Service Desk version 7.1.1.12 before IFIX.20140218-1510 Change and Configuration Management Database (CCMDB) versions 7.0 through 7.1.1.7 Change and Configuration Management Database (CCMDB) version 7.1.1.12 before IFIX.20140218-1510
Description A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL.
Recommendations For IBM Maximo Asset Management versions 7.0 through 7.1.1.7, update to version 7.1.1.8 LAFIX.20140319-0839 or later. For IBM Maximo Asset Management version 7.1.1.12 before IFIX.20140321-1336, apply IFIX.20140321-1336 or later. For Tivoli IT Asset Management for IT versions 7.0 through 7.1.1.7, update to version 7.1.1.8 LAFIX.20140319-0839 or later. For Tivoli IT Asset Management for IT version 7.1.1.12 before IFIX.20140218-1510, apply IFIX.20140218-1510 or later. For Tivoli Service Request Manager versions 7.0 through 7.1.1.7, update to version 7.1.1.8 LAFIX.20140319-0839 or later. For Tivoli Service Request Manager version 7.1.1.12 before IFIX.20140218-1510, apply IFIX.20140218-1510 or later. For Maximo Service Desk versions 7.0 through 7.1.1.7, update to version 7.1.1.8 LAFIX.20140319-0839 or later. For Maximo Service Desk version 7.1.1.12 before IFIX.20140218-1510, apply IFIX.20140218-1510 or later. For Change and Configuration Management Database (CCMDB) versions 7.0 through 7.1.1.7, update to version 7.1.1.8 LAFIX.20140319-0839 or later. For Change and Configuration Management Database (CCMDB) version 7.1.1.12 before IFIX.20140218-1510, apply IFIX.20140218-1510 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2014-0824

Affected Products

Change/Configuration Management Database
Ibm Maximo Asset Management
Maximo Service Desk
Tivoli Asset Management For It
Tivoli Service Request Manager