CVE

Id
68324  
CVE No.
CVE-2014-0915  
Status
Candidate  
Description
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field.  
Phase
Assigned (20140106)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
658233 68324 CVE-2014-0915 BUGTRAQ:20140811 IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)  View
658234 68324 CVE-2014-0915 URL:http://www.securityfocus.com/archive/1/archive/1/533110/100/0/threaded  View
658235 68324 CVE-2014-0915 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21678894  View
658236 68324 CVE-2014-0915 AIXAPAR:IV56680  View
658237 68324 CVE-2014-0915 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680  View
658238 68324 CVE-2014-0915 SECUNIA:59570  View
658239 68324 CVE-2014-0915 URL:http://secunia.com/advisories/59570  View
658240 68324 CVE-2014-0915 SECUNIA:59640  View
658241 68324 CVE-2014-0915 URL:http://secunia.com/advisories/59640  View
658242 68324 CVE-2014-0915 XF:ibm-maximo-cve20140915-xss(91884)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
13260 JVNDB-2014-002135 IBM MessageSight におけるサービス運用妨害 (DoS) の脆弱性 IBM MessageSight には、サービス運用妨害 (デーモンの再起動) 状態にされる脆弱性が存在します。 CVE-2014-0923 68324 4.3 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002135.html  View