3 matches found
Security Bulletin: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0915)
Summary Cross-site scripting security vulnerability on KPI display name field and various portlet fields in Maximo Asset Mgmt, Tivoli Asset Mgmt for IT, Tivoli Service Request Mgr, Change and Configuration Mgmt Database, and SmartCloud Control Desk. Vulnerability Details DESCRIPTION: Customers wh...
IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)
Two classes of persistent XSS issues we reported in IBM Maximo a month or two back are now fixed: http://www.pentestpartners.com/blog/further-ibm-maximo-asset-management-vulnerabilities-reported/ Individual bulletins linked from the above, but tl;dr is I would suggest patching, as this could...
CVE-2014-0915
CVE-2014-0915 affects IBM Maximo and related products (Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government/Nuclear Power/Transportation/Life Sciences/Oil & Gas/Utilities, Tivoli IT, Tivoli Service Request Manager, Maximo Service Desk, CMDB, SmartCloud Control Desk) ...