2 matches found
IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)
Two classes of persistent XSS issues we reported in IBM Maximo a month or two back are now fixed: http://www.pentestpartners.com/blog/further-ibm-maximo-asset-management-vulnerabilities-reported/ Individual bulletins linked from the above, but tl;dr is I would suggest patching, as this could...
CVE-2014-0914
CVE-2014-0914 is an IBM Maximo XSS vulnerability affecting multiple Maximo products and versions (e.g., Maximo Asset Management 7.5 and 6.2; Essentials, Government, Nuclear Power, Transportation, Life Sciences, Oil and Gas, Utilities; Tivoli Asset Management for IT; SmartCloud Control Desk; Maxim...