Search criteria
24 vulnerabilities found for tivoli_it_asset_management_for_it by ibm
FKIE_CVE-2014-3025
Vulnerability from fkie_nvd - Published: 2014-07-30 11:15 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71F456DA-8995-43E2-91A0-B20B070F26A0",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:*:*:*:*:*:*:*:*",
"matchCriteriaId": "106F6572-D362-4040-A878-67B2ACCEA161",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:*:*:*:*:*:*:*:*",
"matchCriteriaId": "084AF336-B44B-4B4C-86AB-82197C9410D1",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF5E8225-885D-4FB8-9706-97D559DDF4CF",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:*:*:*:*:*:*:*:*",
"matchCriteriaId": "271DF14A-0466-4ACF-B4CE-A5AAC7E0F9A5",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F350C06-CF48-43FE-BDB3-1F1E31332E25",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A202F4B-6814-4F85-837C-1655D316ADC0",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_service_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "882C1071-A3C3-4CD6-905B-9D8E32A37120",
"versionEndIncluding": "6.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA6D104-64DA-47CE-A0CB-589C93A0B3DC",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A204032-17C7-4617-AB29-589903A2B9C3",
"versionEndIncluding": "6.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en IBM Maximo Asset Management 6.2 hasta 6.2.8, 6.x y 7.1 hasta 7.1.1.2 y 7.5 hasta 7.5.0.6; Maximo Asset Management 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk; y Maximo Asset Management 6.2 hasta 6.2.8, 7.1 hasta 7.1.1.2 y 7.2 para Tivoli Asset Management for IT y ciertos otros productos permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de entradas no especificadas en un fichero .jsp bajo webclient/utility/."
}
],
"id": "CVE-2014-3025",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-30T11:15:33.380",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/59570"
},
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/59640"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-0914
Vulnerability from fkie_nvd - Published: 2014-07-30 11:15 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71F456DA-8995-43E2-91A0-B20B070F26A0",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:*:*:*:*:*:*:*:*",
"matchCriteriaId": "106F6572-D362-4040-A878-67B2ACCEA161",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:*:*:*:*:*:*:*:*",
"matchCriteriaId": "084AF336-B44B-4B4C-86AB-82197C9410D1",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF5E8225-885D-4FB8-9706-97D559DDF4CF",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:*:*:*:*:*:*:*:*",
"matchCriteriaId": "271DF14A-0466-4ACF-B4CE-A5AAC7E0F9A5",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F350C06-CF48-43FE-BDB3-1F1E31332E25",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A202F4B-6814-4F85-837C-1655D316ADC0",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_service_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "882C1071-A3C3-4CD6-905B-9D8E32A37120",
"versionEndIncluding": "6.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA6D104-64DA-47CE-A0CB-589C93A0B3DC",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A204032-17C7-4617-AB29-589903A2B9C3",
"versionEndIncluding": "6.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 6.2 hasta 6.2.8 y 6.x y 7.x hasta 7.5.0.6, Maximo Asset Management 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk y Maximo Asset Management 6.2 hasta 6.2.8 para Tivoli IT Asset Management for IT y Maximo Service Desk permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del campo Query Description."
}
],
"id": "CVE-2014-0914",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-30T11:15:33.177",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/59570"
},
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/59640"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/68839"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/68839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-0915
Vulnerability from fkie_nvd - Published: 2014-07-30 11:15 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71F456DA-8995-43E2-91A0-B20B070F26A0",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:*:*:*:*:*:*:*:*",
"matchCriteriaId": "106F6572-D362-4040-A878-67B2ACCEA161",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:*:*:*:*:*:*:*:*",
"matchCriteriaId": "084AF336-B44B-4B4C-86AB-82197C9410D1",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF5E8225-885D-4FB8-9706-97D559DDF4CF",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:*:*:*:*:*:*:*:*",
"matchCriteriaId": "271DF14A-0466-4ACF-B4CE-A5AAC7E0F9A5",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F350C06-CF48-43FE-BDB3-1F1E31332E25",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A202F4B-6814-4F85-837C-1655D316ADC0",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_service_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "882C1071-A3C3-4CD6-905B-9D8E32A37120",
"versionEndIncluding": "6.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA6D104-64DA-47CE-A0CB-589C93A0B3DC",
"versionEndIncluding": "7.5.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A204032-17C7-4617-AB29-589903A2B9C3",
"versionEndIncluding": "6.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en IBM Maximo Asset Management 6.2 hasta 6.2.8, 6.x y 7.1 hasta 7.1.1.2 y 7.5 hasta 7.5.0.6; Maximo Asset Management 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk; y Maximo Asset Management 6.2 hasta 6.2.8, 7.1 hasta 7.1.1.2 y 7.2 para Tivoli Asset Management for IT y ciertos otros productos permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de (1) el campo KPI display name o (2) un campo portlet."
}
],
"id": "CVE-2014-0915",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-30T11:15:33.253",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/59570"
},
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/59640"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-6741
Vulnerability from fkie_nvd - Published: 2014-05-26 16:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9C548662-04F7-49DD-B4B4-8C6DDA5DF7AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "805706EB-A82E-465D-BB3F-33AD6415FB89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69534F90-265A-4313-951D-D0A52AEF9C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1227364D-5BF3-4F7D-A4BA-22DE823A5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8506BB5F-F390-4981-A5D5-FAEF9F410172",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management 7.x anterior a 7.1.1.7 LAFIX.20140319-0837 y 7.5.x anterior a 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 y Tivoli IT Asset Management For IT, Tivoli Service Request Manager, Maximo Service Desk y Change And Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 permite a usuarios remotos autenticados obtener informaci\u00f3n de traza de pila potencialmente sensible mediante la provocaci\u00f3n de un error Birt."
}
],
"id": "CVE-2013-6741",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-26T16:55:03.003",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89857"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-0824
Vulnerability from fkie_nvd - Published: 2014-05-26 16:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9C548662-04F7-49DD-B4B4-8C6DDA5DF7AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F43D0468-F9D7-40E5-A565-3EAA7FFEC10D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "250FC595-3DB0-4860-9FF1-AC0215A9D3C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "805706EB-A82E-465D-BB3F-33AD6415FB89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDE55FC-2179-48D6-89B3-72783B313D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "396F80FF-BD2E-46A4-8A44-21CC35F42E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69534F90-265A-4313-951D-D0A52AEF9C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2E6C4892-87F1-4067-9624-3E1931C5EE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E8D102E6-18FF-4BC7-83BC-77946101864C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1227364D-5BF3-4F7D-A4BA-22DE823A5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8506BB5F-F390-4981-A5D5-FAEF9F410172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A006BC3C-BD49-4D46-833E-BFE1ED3D0E24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC0184C-0593-4C37-AC63-5B09FD21B3B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM Maximo Asset Management 7.x anterior a 7.1.1.8 LAFIX.20140319-0839 y 7.1.1.12 anterior a IFIX.20140321-1336 y Tivoli IT Asset Management For IT, Tivoli Service Request Manager, Maximo Service Desk y Change And Configuration Management Database (CCMDB) 7.x anterior a 7.1.1.8 LAFIX.20140319-0839 y 7.1.1.12 anterior a IFIX.20140218-1510 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL adjunta."
}
],
"id": "CVE-2014-0824",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-05-26T16:55:03.067",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV52829"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV52829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90500"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-0825
Vulnerability from fkie_nvd - Published: 2014-05-26 16:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "995A83BA-2438-44D7-9885-69160321BF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9C548662-04F7-49DD-B4B4-8C6DDA5DF7AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2E15FC98-D8AB-4D9C-9842-85138A2FECF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "250FC595-3DB0-4860-9FF1-AC0215A9D3C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "805706EB-A82E-465D-BB3F-33AD6415FB89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "186498FC-A8BD-4EA3-96C7-1A21983BB2BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "396F80FF-BD2E-46A4-8A44-21CC35F42E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69534F90-265A-4313-951D-D0A52AEF9C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "67A0292F-FDFE-42A6-92FC-F26596C4D23C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E8D102E6-18FF-4BC7-83BC-77946101864C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54234F72-760A-4E80-8172-1AD93F0A372B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1227364D-5BF3-4F7D-A4BA-22DE823A5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8506BB5F-F390-4981-A5D5-FAEF9F410172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "63EA5235-E946-487D-A875-537B87B2638E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC0184C-0593-4C37-AC63-5B09FD21B3B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en openreport.jsp en IBM Maximo Asset Management 7.x anterior a 7.1.1.12 IFIX.20140321-1336 y 7.5.x anterior a 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 y Tivoli IT Asset Management For IT, Tivoli Service Request Manager, Maximo Service Desk y Change And Configuration Management Database (CCMDB) 7.x anterior a 7.1.1.12 IFIX.20140218-1510 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un par\u00e1metro report manipulado."
}
],
"id": "CVE-2014-0825",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-05-26T16:55:03.130",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90501"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-5465
Vulnerability from fkie_nvd - Published: 2014-05-26 16:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9C548662-04F7-49DD-B4B4-8C6DDA5DF7AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2E15FC98-D8AB-4D9C-9842-85138A2FECF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "250FC595-3DB0-4860-9FF1-AC0215A9D3C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "805706EB-A82E-465D-BB3F-33AD6415FB89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "186498FC-A8BD-4EA3-96C7-1A21983BB2BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "396F80FF-BD2E-46A4-8A44-21CC35F42E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69534F90-265A-4313-951D-D0A52AEF9C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "67A0292F-FDFE-42A6-92FC-F26596C4D23C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E8D102E6-18FF-4BC7-83BC-77946101864C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1227364D-5BF3-4F7D-A4BA-22DE823A5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8506BB5F-F390-4981-A5D5-FAEF9F410172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "63EA5235-E946-487D-A875-537B87B2638E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC0184C-0593-4C37-AC63-5B09FD21B3B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management 7.x anterior a 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 anterior a IFIX.20140323-0749, 7.1.1.12 anterior a IFIX.20140321-1336, 7.5.x anterior a 7.5.0.3 IFIX027 y 7.5.0.4 anterior a IFIX011; SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 y Tivoli IT Asset Management For IT, Tivoli Service Request Manager, Maximo Service Desk y Change And Configuration Management Database (CCMDB) 7.x anterior a 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 anterior a IFIX.20140207-1801 y 7.1.1.12 anterior a IFIX.20140218-1510 no restringen debidamente tipos de archivo durante subidas, lo que permite a usuarios remotos autenticados tener un impacto no especificado a trav\u00e9s de un tipo inv\u00e1lido."
}
],
"id": "CVE-2013-5465",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-26T16:55:02.927",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88364"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88364"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-4016
Vulnerability from fkie_nvd - Published: 2014-05-26 16:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9C548662-04F7-49DD-B4B4-8C6DDA5DF7AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2E15FC98-D8AB-4D9C-9842-85138A2FECF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "250FC595-3DB0-4860-9FF1-AC0215A9D3C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "805706EB-A82E-465D-BB3F-33AD6415FB89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "186498FC-A8BD-4EA3-96C7-1A21983BB2BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_service_desk:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "396F80FF-BD2E-46A4-8A44-21CC35F42E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E834D7A-9614-45BC-8361-27D80F14068D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69534F90-265A-4313-951D-D0A52AEF9C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "67A0292F-FDFE-42A6-92FC-F26596C4D23C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E8D102E6-18FF-4BC7-83BC-77946101864C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A8D103F-9065-46A6-B914-7C6754422858",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E1EE7E44-638B-4B42-88F3-F8E4019D8287",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1227364D-5BF3-4F7D-A4BA-22DE823A5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8506BB5F-F390-4981-A5D5-FAEF9F410172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "63EA5235-E946-487D-A875-537B87B2638E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC0184C-0593-4C37-AC63-5B09FD21B3B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "27827C71-E00C-4DE1-8A81-EE5863C28E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en IBM Maximo Asset Management 7.x anterior a 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 anterior a IFIX.20140323-0749, 7.1.1.12 anterior a IFIX.20140321-1336, 7.5.x anterior a 7.5.0.3 IFIX027, 7.5.0.4 anterior a IFIX011 y 7.5.0.5 anterior a IFIX006; SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 y Tivoli IT Asset Management For IT, Tivoli Service Request Manager, Maximo Service Desk y Change And Configuration Management Database (CCMDB) 7.x anterior a 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 anterior a IFIX.20140207-1801 y 7.1.1.12 anterior a IFIX.20140218-1510 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de un informe Birt con una clausula WHERE en texto plano."
}
],
"id": "CVE-2013-4016",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-26T16:55:02.737",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-0914 (GCVE-0-2014-0914)
Vulnerability from cvelistv5 – Published: 2014-07-30 10:00 – Updated: 2024-08-06 09:27
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68839",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68839"
},
{
"name": "59640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59640"
},
{
"name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885"
},
{
"name": "IV56679",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679"
},
{
"name": "59570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59570"
},
{
"name": "ibm-maximo-cve20140914-xss(91883)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "68839",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68839"
},
{
"name": "59640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59640"
},
{
"name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885"
},
{
"name": "IV56679",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679"
},
{
"name": "59570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59570"
},
{
"name": "ibm-maximo-cve20140914-xss(91883)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68839"
},
{
"name": "59640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59640"
},
{
"name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885"
},
{
"name": "IV56679",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679"
},
{
"name": "59570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59570"
},
{
"name": "ibm-maximo-cve20140914-xss(91883)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0914",
"datePublished": "2014-07-30T10:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3025 (GCVE-0-2014-3025)
Vulnerability from cvelistv5 – Published: 2014-07-30 10:00 – Updated: 2024-08-06 10:28
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
},
{
"name": "59640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59640"
},
{
"name": "ibm-maximo-cve20143025-xss(93064)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
},
{
"name": "59570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59570"
},
{
"name": "IV57241",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
},
{
"name": "59640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59640"
},
{
"name": "ibm-maximo-cve20143025-xss(93064)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
},
{
"name": "59570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59570"
},
{
"name": "IV57241",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
},
{
"name": "59640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59640"
},
{
"name": "ibm-maximo-cve20143025-xss(93064)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
},
{
"name": "59570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59570"
},
{
"name": "IV57241",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-3025",
"datePublished": "2014-07-30T10:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:28:46.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0915 (GCVE-0-2014-0915)
Vulnerability from cvelistv5 – Published: 2014-07-30 10:00 – Updated: 2024-08-06 09:27
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
},
{
"name": "59640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59640"
},
{
"name": "IV56680",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
},
{
"name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"name": "59570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59570"
},
{
"name": "ibm-maximo-cve20140915-xss(91884)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
},
{
"name": "59640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59640"
},
{
"name": "IV56680",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
},
{
"name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"name": "59570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59570"
},
{
"name": "ibm-maximo-cve20140915-xss(91884)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
},
{
"name": "59640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59640"
},
{
"name": "IV56680",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
},
{
"name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"name": "59570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59570"
},
{
"name": "ibm-maximo-cve20140915-xss(91884)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0915",
"datePublished": "2014-07-30T10:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0825 (GCVE-0-2014-0825)
Vulnerability from cvelistv5 – Published: 2014-05-26 16:00 – Updated: 2024-08-06 09:27
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20140825-xss(90501)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90501"
},
{
"name": "IV53362",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20140825-xss(90501)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90501"
},
{
"name": "IV53362",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20140825-xss(90501)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90501"
},
{
"name": "IV53362",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0825",
"datePublished": "2014-05-26T16:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6741 (GCVE-0-2013-6741)
Vulnerability from cvelistv5 – Published: 2014-05-26 16:00 – Updated: 2024-08-06 17:46
VLAI?
Summary
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:22.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20136741-info-disc(89857)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89857"
},
{
"name": "IV50316",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20136741-info-disc(89857)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89857"
},
{
"name": "IV50316",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-6741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20136741-info-disc(89857)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89857"
},
{
"name": "IV50316",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-6741",
"datePublished": "2014-05-26T16:00:00",
"dateReserved": "2013-11-08T00:00:00",
"dateUpdated": "2024-08-06T17:46:22.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0824 (GCVE-0-2014-0824)
Vulnerability from cvelistv5 – Published: 2014-05-26 16:00 – Updated: 2024-08-06 09:27
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IV52829",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV52829"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20140824-xss(90500)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90500"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "IV52829",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV52829"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20140824-xss(90500)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90500"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV52829",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV52829"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20140824-xss(90500)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90500"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0824",
"datePublished": "2014-05-26T16:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5465 (GCVE-0-2013-5465)
Vulnerability from cvelistv5 – Published: 2014-05-26 16:00 – Updated: 2024-08-06 17:15
VLAI?
Summary
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:15:20.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IV46511",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20135465-file-types(88364)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88364"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "IV46511",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20135465-file-types(88364)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88364"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-5465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV46511",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20135465-file-types(88364)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88364"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-5465",
"datePublished": "2014-05-26T16:00:00",
"dateReserved": "2013-08-22T00:00:00",
"dateUpdated": "2024-08-06T17:15:20.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4016 (GCVE-0-2013-4016)
Vulnerability from cvelistv5 – Published: 2014-05-26 16:00 – Updated: 2024-08-06 16:30
VLAI?
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20134016-sqli(85793)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793"
},
{
"name": "IV41871",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20134016-sqli(85793)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793"
},
{
"name": "IV41871",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20134016-sqli(85793)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793"
},
{
"name": "IV41871",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4016",
"datePublished": "2014-05-26T16:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0914 (GCVE-0-2014-0914)
Vulnerability from nvd – Published: 2014-07-30 10:00 – Updated: 2024-08-06 09:27
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68839",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68839"
},
{
"name": "59640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59640"
},
{
"name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885"
},
{
"name": "IV56679",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679"
},
{
"name": "59570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59570"
},
{
"name": "ibm-maximo-cve20140914-xss(91883)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "68839",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68839"
},
{
"name": "59640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59640"
},
{
"name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885"
},
{
"name": "IV56679",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679"
},
{
"name": "59570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59570"
},
{
"name": "ibm-maximo-cve20140914-xss(91883)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68839"
},
{
"name": "59640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59640"
},
{
"name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678885"
},
{
"name": "IV56679",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679"
},
{
"name": "59570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59570"
},
{
"name": "ibm-maximo-cve20140914-xss(91883)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91883"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0914",
"datePublished": "2014-07-30T10:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3025 (GCVE-0-2014-3025)
Vulnerability from nvd – Published: 2014-07-30 10:00 – Updated: 2024-08-06 10:28
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
},
{
"name": "59640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59640"
},
{
"name": "ibm-maximo-cve20143025-xss(93064)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
},
{
"name": "59570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59570"
},
{
"name": "IV57241",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
},
{
"name": "59640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59640"
},
{
"name": "ibm-maximo-cve20143025-xss(93064)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
},
{
"name": "59570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59570"
},
{
"name": "IV57241",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678754"
},
{
"name": "59640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59640"
},
{
"name": "ibm-maximo-cve20143025-xss(93064)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93064"
},
{
"name": "59570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59570"
},
{
"name": "IV57241",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV57241"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-3025",
"datePublished": "2014-07-30T10:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:28:46.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0915 (GCVE-0-2014-0915)
Vulnerability from nvd – Published: 2014-07-30 10:00 – Updated: 2024-08-06 09:27
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
},
{
"name": "59640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59640"
},
{
"name": "IV56680",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
},
{
"name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"name": "59570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59570"
},
{
"name": "ibm-maximo-cve20140915-xss(91884)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
},
{
"name": "59640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59640"
},
{
"name": "IV56680",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
},
{
"name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"name": "59570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59570"
},
{
"name": "ibm-maximo-cve20140915-xss(91884)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
},
{
"name": "59640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59640"
},
{
"name": "IV56680",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
},
{
"name": "20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
},
{
"name": "59570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59570"
},
{
"name": "ibm-maximo-cve20140915-xss(91884)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0915",
"datePublished": "2014-07-30T10:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0825 (GCVE-0-2014-0825)
Vulnerability from nvd – Published: 2014-05-26 16:00 – Updated: 2024-08-06 09:27
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20140825-xss(90501)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90501"
},
{
"name": "IV53362",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20140825-xss(90501)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90501"
},
{
"name": "IV53362",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20140825-xss(90501)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90501"
},
{
"name": "IV53362",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0825",
"datePublished": "2014-05-26T16:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6741 (GCVE-0-2013-6741)
Vulnerability from nvd – Published: 2014-05-26 16:00 – Updated: 2024-08-06 17:46
VLAI?
Summary
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:22.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20136741-info-disc(89857)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89857"
},
{
"name": "IV50316",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20136741-info-disc(89857)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89857"
},
{
"name": "IV50316",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-6741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20136741-info-disc(89857)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89857"
},
{
"name": "IV50316",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-6741",
"datePublished": "2014-05-26T16:00:00",
"dateReserved": "2013-11-08T00:00:00",
"dateUpdated": "2024-08-06T17:46:22.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0824 (GCVE-0-2014-0824)
Vulnerability from nvd – Published: 2014-05-26 16:00 – Updated: 2024-08-06 09:27
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IV52829",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV52829"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20140824-xss(90500)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90500"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "IV52829",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV52829"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20140824-xss(90500)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90500"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV52829",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV52829"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20140824-xss(90500)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90500"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0824",
"datePublished": "2014-05-26T16:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5465 (GCVE-0-2013-5465)
Vulnerability from nvd – Published: 2014-05-26 16:00 – Updated: 2024-08-06 17:15
VLAI?
Summary
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:15:20.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IV46511",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20135465-file-types(88364)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88364"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "IV46511",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20135465-file-types(88364)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88364"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-5465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV46511",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20135465-file-types(88364)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88364"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-5465",
"datePublished": "2014-05-26T16:00:00",
"dateReserved": "2013-08-22T00:00:00",
"dateUpdated": "2024-08-06T17:15:20.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4016 (GCVE-0-2013-4016)
Vulnerability from nvd – Published: 2014-05-26 16:00 – Updated: 2024-08-06 16:30
VLAI?
Summary
SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20134016-sqli(85793)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793"
},
{
"name": "IV41871",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20134016-sqli(85793)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793"
},
{
"name": "IV41871",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20134016-sqli(85793)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85793"
},
{
"name": "IV41871",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4016",
"datePublished": "2014-05-26T16:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}