CVE-2016-0399

Name of the Vulnerable Software and Affected Versions IBM Maximo Asset Management versions 7.1 through 7.1.1.13 IBM Maximo Asset Management versions 7.5 before 7.5.0.9 IFIX007 IBM Maximo Asset Management versions 7.6 before 7.6.0.5 FP005

Description The issue is related to a cross-site scripting (XSS) vulnerability that allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. This is due to the lack of protection measures for the web page structure, which can be exploited by a remote attacker to inject malicious code.

Recommendations For versions 7.1 through 7.1.1.13, update to a version after 7.1.1.13 to resolve the issue. For versions 7.5 before 7.5.0.9 IFIX007, apply IFIX007 or update to a version after 7.5.0.9 IFIX007. For versions 7.6 before 7.6.0.5 FP005, apply FP005 or update to a version after 7.6.0.5 FP005.