Lucene search

K
cve[email protected]CVE-2014-0825
HistoryMay 26, 2014 - 4:55 p.m.

CVE-2014-0825

2014-05-2616:55:03
CWE-79
web.nvd.nist.gov
20
cve
2014
0825
xss
vulnerability
ibm
maximo
asset management
smartcloud control desk
tivoli
it asset management
it
service request manager
change and configuration management database
ccmdb

5.3 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

36.5%

Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter.

Affected configurations

NVD
Node
ibmchange_and_configuration_management_databaseMatch7.0
OR
ibmchange_and_configuration_management_databaseMatch7.1
OR
ibmchange_and_configuration_management_databaseMatch7.1.1.7
OR
ibmchange_and_configuration_management_databaseMatch7.1.1.11
OR
ibmchange_and_configuration_management_databaseMatch7.1.1.12
OR
ibmmaximo_service_deskMatch7.1.1.7
OR
ibmmaximo_service_deskMatch7.1.1.11
OR
ibmmaximo_service_deskMatch7.1.1.12
OR
ibmtivoli_it_asset_management_for_itMatch7.1.1.7
OR
ibmtivoli_it_asset_management_for_itMatch7.1.1.11
OR
ibmtivoli_it_asset_management_for_itMatch7.1.1.12
OR
ibmtivoli_service_request_managerMatch7.0
OR
ibmtivoli_service_request_managerMatch7.1.0
OR
ibmtivoli_service_request_managerMatch7.1.0.0
OR
ibmtivoli_service_request_managerMatch7.1.1
OR
ibmtivoli_service_request_managerMatch7.1.1.7
OR
ibmtivoli_service_request_managerMatch7.1.1.11
OR
ibmtivoli_service_request_managerMatch7.1.1.12
Node
ibmsmartcloud_control_deskMatch7.0
OR
ibmsmartcloud_control_deskMatch7.5
OR
ibmsmartcloud_control_deskMatch7.5.0.0
OR
ibmsmartcloud_control_deskMatch7.5.0.1
OR
ibmsmartcloud_control_deskMatch7.5.0.2
OR
ibmsmartcloud_control_deskMatch7.5.1.0
OR
ibmsmartcloud_control_deskMatch7.5.1.1
Node
ibmmaximo_asset_managementMatch7.1
OR
ibmmaximo_asset_managementMatch7.1.1
OR
ibmmaximo_asset_managementMatch7.1.1.1
OR
ibmmaximo_asset_managementMatch7.1.1.2
OR
ibmmaximo_asset_managementMatch7.1.1.5
OR
ibmmaximo_asset_managementMatch7.1.1.6
OR
ibmmaximo_asset_managementMatch7.1.1.7
OR
ibmmaximo_asset_managementMatch7.1.1.8
OR
ibmmaximo_asset_managementMatch7.1.1.9
OR
ibmmaximo_asset_managementMatch7.1.1.10
OR
ibmmaximo_asset_managementMatch7.1.1.11
OR
ibmmaximo_asset_managementMatch7.1.1.12
OR
ibmmaximo_asset_managementMatch7.5.0.0
OR
ibmmaximo_asset_managementMatch7.5.0.1
OR
ibmmaximo_asset_managementMatch7.5.0.2
OR
ibmmaximo_asset_managementMatch7.5.0.3
OR
ibmmaximo_asset_managementMatch7.5.0.4
OR
ibmmaximo_asset_managementMatch7.5.0.5

5.3 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

36.5%

Related for CVE-2014-0825