FKIE_CVE-2014-0915

Vulnerability from fkie_nvd - Published: 2014-07-30 11:15 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field.
References
psirt@us.ibm.comhttp://secunia.com/advisories/59570
psirt@us.ibm.comhttp://secunia.com/advisories/59640
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV56680
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21678894Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/archive/1/533110/100/0/threaded
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/91884
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59570
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59640
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21678894Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/533110/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/91884
Impacted products
Vendor Product Version
ibm maximo_asset_management 6.2
ibm maximo_asset_management 6.2.1
ibm maximo_asset_management 6.2.2
ibm maximo_asset_management 6.2.3
ibm maximo_asset_management 6.2.4
ibm maximo_asset_management 6.2.5
ibm maximo_asset_management 6.2.6
ibm maximo_asset_management 6.2.6.1
ibm maximo_asset_management 6.2.7
ibm maximo_asset_management 6.2.8
ibm maximo_asset_management 7.1
ibm maximo_asset_management 7.1.1
ibm maximo_asset_management 7.1.1.1
ibm maximo_asset_management 7.1.1.2
ibm maximo_asset_management 7.1.1.5
ibm maximo_asset_management 7.1.1.6
ibm maximo_asset_management 7.1.1.7
ibm maximo_asset_management 7.1.1.8
ibm maximo_asset_management 7.1.1.9
ibm maximo_asset_management 7.1.1.10
ibm maximo_asset_management 7.1.1.11
ibm maximo_asset_management 7.1.1.12
ibm maximo_asset_management 7.1.2
ibm maximo_asset_management 7.5.0.0
ibm maximo_asset_management 7.5.0.1
ibm maximo_asset_management 7.5.0.2
ibm maximo_asset_management 7.5.0.3
ibm maximo_asset_management 7.5.0.4
ibm maximo_asset_management 7.5.0.5
ibm maximo_asset_management 7.5.0.6
ibm maximo_asset_management 7.5.0.10
ibm maximo_asset_management_essentials *
ibm maximo_asset_management_essentials 6.2.0.0
ibm maximo_asset_management_essentials 7.1
ibm maximo_asset_management_essentials 7.5.0.0
ibm maximo_asset_management_essentials 7.5.0.1
ibm maximo_asset_management_essentials 7.5.0.2
ibm maximo_asset_management_essentials 7.5.0.3
ibm maximo_asset_management_essentials 7.5.0.4
ibm maximo_asset_management_essentials 7.5.0.5
ibm maximo_for_government *
ibm maximo_for_government 7.1
ibm maximo_for_government 7.5.0.0
ibm maximo_for_government 7.5.0.1
ibm maximo_for_government 7.5.0.2
ibm maximo_for_government 7.5.0.3
ibm maximo_for_government 7.5.0.4
ibm maximo_for_government 7.5.0.5
ibm maximo_for_life_sciences *
ibm maximo_for_life_sciences 7.1
ibm maximo_for_life_sciences 7.5.0.0
ibm maximo_for_life_sciences 7.5.0.1
ibm maximo_for_life_sciences 7.5.0.2
ibm maximo_for_life_sciences 7.5.0.3
ibm maximo_for_life_sciences 7.5.0.4
ibm maximo_for_life_sciences 7.5.0.5
ibm maximo_for_nuclear_power *
ibm maximo_for_nuclear_power 7.1
ibm maximo_for_nuclear_power 7.5.0.0
ibm maximo_for_nuclear_power 7.5.0.1
ibm maximo_for_nuclear_power 7.5.0.2
ibm maximo_for_nuclear_power 7.5.0.3
ibm maximo_for_nuclear_power 7.5.0.4
ibm maximo_for_nuclear_power 7.5.0.5
ibm maximo_for_oil_and_gas *
ibm maximo_for_oil_and_gas 7.1
ibm maximo_for_oil_and_gas 7.5.0.0
ibm maximo_for_oil_and_gas 7.5.0.1
ibm maximo_for_oil_and_gas 7.5.0.2
ibm maximo_for_oil_and_gas 7.5.0.3
ibm maximo_for_oil_and_gas 7.5.0.4
ibm maximo_for_oil_and_gas 7.5.0.5
ibm maximo_for_transportation *
ibm maximo_for_transportation 7.1
ibm maximo_for_transportation 7.5.0.0
ibm maximo_for_transportation 7.5.0.1
ibm maximo_for_transportation 7.5.0.2
ibm maximo_for_transportation 7.5.0.3
ibm maximo_for_transportation 7.5.0.4
ibm maximo_for_transportation 7.5.0.5
ibm maximo_for_utilities *
ibm maximo_for_utilities 7.1
ibm maximo_for_utilities 7.5.0.0
ibm maximo_for_utilities 7.5.0.1
ibm maximo_for_utilities 7.5.0.2
ibm maximo_for_utilities 7.5.0.3
ibm maximo_for_utilities 7.5.0.4
ibm maximo_for_utilities 7.5.0.5
ibm maximo_service_desk *
ibm smartcloud_control_desk *
ibm smartcloud_control_desk 7.5
ibm smartcloud_control_desk 7.5.0.0
ibm smartcloud_control_desk 7.5.0.1
ibm smartcloud_control_desk 7.5.0.2
ibm smartcloud_control_desk 7.5.0.3
ibm smartcloud_control_desk 7.5.1.0
ibm smartcloud_control_desk 7.5.1.1
ibm smartcloud_control_desk 7.5.1.2
ibm tivoli_it_asset_management_for_it *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F540E9A3-A1D7-4993-9149-295970944355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA3625EE-DD32-43C1-8406-A23BD4DCD24E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B68421-2A1E-4865-9F57-10C23F1D1ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CC1505-74F4-4F2F-A44A-54D6B9836548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB3D1DE-5702-4533-AFB6-FBCD2601681E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E4240C-2BCD-4CDE-9134-E137759C22D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D7ED0B9-E115-42F3-A767-2DDE4D698723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F450DA-21C6-4B8E-B3F6-38B9BB0571EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C76E3C7-EF50-419D-A79A-E68FBD44F3A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11C85F8-E4AA-4121-B8A6-5A2E56E5A05D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F261A268-7CD0-4328-8FBB-6AC40927DDFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "537C2C01-302E-48A2-9D50-C98AB6DBC466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C72B48-0C0F-4C90-A34B-528A5C67432C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59090B6A-09AE-4597-A60A-38C20AEA8F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74B7BC68-4BCB-4E02-9F6D-0F99DBE87FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB99EBA-9725-4AB3-B816-5E00ADD7B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A4B2CD-94F5-4449-8D1F-E69C3BA9929C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F077F88-37D3-43FA-8EA6-A7FBD9869AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "741A13F4-DED0-43A2-8761-AAEAA0557B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8945E452-7D50-4C59-B8CE-8F1C756DB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0632D29-B9B9-48E1-9762-A80B660CEBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41ED069C-0C1B-4D0E-A077-E095897003DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B590C42-21A1-4C62-8293-5A0D7AD628E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "01604919-877F-4BDF-A137-C1A54E04BEC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4577B9CD-45CA-4D01-B99D-7C39131C9C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB734EA-42EE-4BE0-934E-9E783BCDA31A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "16981EC3-76AE-441B-92C4-8DD6E6A1EA89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BB996E-17BC-4E35-97A0-142946F6B2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8B991C-2AE4-499D-B173-BF016D7F78F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB19E05B-1E03-4230-BE05-21A989695749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F456DA-8995-43E2-91A0-B20B070F26A0",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:6.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E041757-CFF1-4F3D-95FF-979BE37FCE0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA89D39-C008-49CD-9D1E-7109644970AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F7AF98E-13F3-4D28-9BD1-4D17DFF290D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CF1B4FA-A938-4A1C-91C7-21255ACDB0DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E5C2A28-739B-42A3-9161-E88BACB1876A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BB685AE-C72D-41BD-B9E3-0767328EAB73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BDC50C9-49EF-47CA-88FB-A8BCDF44922B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "106F6572-D362-4040-A878-67B2ACCEA161",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13EC59E-0D34-429E-857A-6553286B95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E847B9C-EBB6-47EF-8519-52F3B0ED13FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C99DF69D-4963-4BC7-81DE-7091FDD7FC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E000525-2222-4B9D-9631-7A2EF8DF5EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91D1E87-8812-4B7A-A4CF-E78D64247F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "542A832F-E26D-4232-BC5A-FB93F0A33072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "084AF336-B44B-4B4C-86AB-82197C9410D1",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E905E5-EF91-4CD3-B30F-06B9BDFD07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9956CC67-C6C5-454C-AB39-D6E2B182B256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A031C08-3502-4770-838F-C9481F92E3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40421A30-9CD0-46FE-8723-E4AC6EA51F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4951D3-68F8-4A99-9F3C-7C5118CBBCF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24B38BD-2A3B-4B00-B053-06F5AB32265C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF5E8225-885D-4FB8-9706-97D559DDF4CF",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C60408-42F0-495B-840B-9A2F5C9CE5E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D493B1-2E6E-48B4-9FA3-78D8F6447F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1452A20-CF6F-4150-B543-ECB9C8E921D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3985E49F-DDA0-4344-9088-4C961A3F7CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47280A1-1E0C-4D58-AB28-4E85DFEB3081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08080694-7D79-42B4-BEFF-36C2435BF0AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "271DF14A-0466-4ACF-B4CE-A5AAC7E0F9A5",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348A5D33-4B81-479F-AE61-4C17642F11EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "470406C7-0F53-47B9-8A5B-E8053DC37640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51692CC8-DB5B-45DF-B1C4-0F977350A99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94013B4-56FD-4380-A08C-3867FD3C0B8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65878D4F-0171-4BF0-AAB1-9AB8A95EEDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37A2515-3CB2-4D36-BAED-D5915CAD8BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F350C06-CF48-43FE-BDB3-1F1E31332E25",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61A8511-5C5E-4328-998A-28D3229B9B38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A723D1C-A9AF-4D7F-9E76-14AAE49E2D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "615A3FF9-B20F-4C4E-9A6E-5A6F71A938B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F36331-E40D-4F7D-A748-8F87DC17B1E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E285BF7C-B698-4F56-A172-B196B7694987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D069E18-1DBB-4537-AAE3-1D42C492D4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A202F4B-6814-4F85-837C-1655D316ADC0",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "982661EA-3176-4854-A64C-9F32751A045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9688CC0-4A67-4884-B327-B403ABF59A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B19AFE-7D8B-48E4-9012-7AA3FA885DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3175D9-FB46-41FF-97D1-1E86497195BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1D9AD3-5F06-48A0-B5E9-6B58B90ED75D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7E5F34-0898-467E-A148-B14078C3239C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:maximo_service_desk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "882C1071-A3C3-4CD6-905B-9D8E32A37120",
              "versionEndIncluding": "6.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEA6D104-64DA-47CE-A0CB-589C93A0B3DC",
              "versionEndIncluding": "7.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88692CEA-1B67-4D1D-86CF-FC0C6DDB2B27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83265FEF-C0CF-47B9-9A62-020897AABC5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A421E5-F65D-459D-87E3-6398D587F8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "868B2E44-6193-4159-8D87-C77B468B02DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F37D573-8E61-41D1-AC4D-D5AAA7C46CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EECFFA3-6D8F-454F-AD00-2DC51A954B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7078628B-134D-48C6-A461-23CCC41A848E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:7.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E249DE7D-6C22-4DA3-B004-17728F06C6C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_it_asset_management_for_it:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A204032-17C7-4617-AB29-589903A2B9C3",
              "versionEndIncluding": "6.2.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en IBM Maximo Asset Management 6.2 hasta 6.2.8, 6.x y 7.1 hasta 7.1.1.2 y 7.5 hasta 7.5.0.6; Maximo Asset Management 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk; y Maximo Asset Management 6.2 hasta 6.2.8, 7.1 hasta 7.1.1.2 y 7.2 para Tivoli Asset Management for IT y ciertos otros productos permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de (1) el campo KPI display name o (2) un campo portlet."
    }
  ],
  "id": "CVE-2014-0915",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-07-30T11:15:33.253",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/59570"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/59640"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59570"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/59640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/533110/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91884"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.