NVD

Id
29673  
Name
CVE-2014-0824  
Description
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL.  
Reject
 
CVSS Version
2  
CVSS Score
3.5  
Severity
Low  
CVSS Base Score
3.5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2014-05-26  
Modified Date
2014-05-30  
Seq
2014-0824  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
156907 29673 CVE-2014-0824 IV52829  View
156908 29673 CVE-2014-0824 http://www-01.ibm.com/support/docview.wss?uid=swg21670870  View
156909 29673 CVE-2014-0824 ibm-maximo-cve20140824-xss(90500)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
13765 JVNDB-2014-002640 複数の IBM 製品におけるクロスサイトスクリプティングの脆弱性 複数の IBM 製品には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2014-0824 68225 CVE-2014-0824 29673 3.5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002640.html 2014-04-18 2014-05-28 View