Lucene search

IbmCVE-2012-3328

HistoryFeb 20, 2013 - 12:09 p.m.

CVE-2012-3328

2013-02-2012:09:22

CWE-79

ibm

web.nvd.nist.gov

ibm

maximo asset management

xss

vulnerability

web script

html

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

55.1%

JSON

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1, Maximo Asset Management Essentials 7.1, Tivoli Asset Management for IT 7.1 and 7.2, Tivoli Service Request Manager 7.1 and 7.2, and Change and Configuration Management Database (CCMDB) 7.1 and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden frame footer.

Affected configurations

Nvd

Node

ibmchange_and_configuration_management_databaseMatch7.1.

ibmchange_and_configuration_management_databaseMatch7.2.0

ibmmaximo_asset_managementMatch7.1

ibmmaximo_asset_management_essentialsMatch7.1

ibmtivoli_asset_management_for_itMatch7.1

ibmtivoli_asset_management_for_itMatch7.2

ibmtivoli_service_request_managerMatch7.1.0

ibmtivoli_service_request_managerMatch7.1.0.0

ibmtivoli_service_request_managerMatch7.2.0.0

VendorProductVersionCPE
ibmchange_and_configuration_management_database7.1.cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.:*:*:*:*:*:*:*
ibmchange_and_configuration_management_database7.2.0cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0:*:*:*:*:*:*:*
ibmmaximo_asset_management7.1cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*
ibmmaximo_asset_management_essentials7.1cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*
ibmtivoli_asset_management_for_it7.1cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*
ibmtivoli_asset_management_for_it7.2cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*
ibmtivoli_service_request_manager7.1.0cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:*:*:*:*:*:*:*
ibmtivoli_service_request_manager7.1.0.0cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:*:*:*:*:*:*:*
ibmtivoli_service_request_manager7.2.0.0cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	change_and_configuration_management_database	7.1.	cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.:::::::*
ibm	change_and_configuration_management_database	7.2.0	cpe:2.3:a:ibm:change_and_configuration_management_database:7.2.0:::::::*
ibm	maximo_asset_management	7.1	cpe:2.3:a:ibm:maximo_asset_management:7.1:::::::*
ibm	maximo_asset_management_essentials	7.1	cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:::::::*
ibm	tivoli_asset_management_for_it	7.1	cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:::::::*
ibm	tivoli_asset_management_for_it	7.2	cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:::::::*
ibm	tivoli_service_request_manager	7.1.0	cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0:::::::*
ibm	tivoli_service_request_manager	7.1.0.0	cpe:2.3:a:ibm:tivoli_service_request_manager:7.1.0.0:::::::*
ibm	tivoli_service_request_manager	7.2.0.0	cpe:2.3:a:ibm:tivoli_service_request_manager:7.2.0.0:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg1IV20823

www-01.ibm.com/support/docview.wss?uid=swg21625624

exchange.xforce.ibmcloud.com/vulnerabilities/78040

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

55.1%

JSON

Related for CVE-2012-3328