CVE-2012-0727

CVE-2012-0727 is an SQL injection vulnerability affecting IBM Maximo Asset Management family (7.5, 7.1, 6.2) and related products (SmartCloud Control Desk, Tivoli AIM, Tivoli Service Request Manager, Maximo Service Desk, CCMDB). The root cause is SQL injection in certain components, allowing remo...

CVE-2012-3313

CVE-2012-3313 is an XSS vulnerability in IBM Maximo Asset Management 6.2–7.5 (and related products such as SmartCloud Control Desk, Tivoli AM for IT, TS RM, Maximo Service Desk, and CCMDB). The issue allows an attacker to inject arbitrary web script/HTML via unspecified vectors in affected deploy...

CVE-2012-0747

CVE-2012-0747 is an SQL injection vulnerability affecting IBM Maximo Asset Management across versions 6.2 through 7.5 (and enabled in related products such as SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and CCMDB). The issue allows...

CVE-2012-0728

CVE-2012-0728 is an SQL injection in IBM Maximo Asset Management 7.1–7.5 (as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and CCMDB). The vulnerability allows remote authenticated users to execute arbitrary SQL commands via ...

CVE-2012-3326

Cross-site scripting XSS vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database CCMDB, allows remote attackers to inject arbitrary w...

CVE-2012-2184

Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database CCMDB, allows remote attackers to hijack web...

CVE-2012-2185

CVE-2012-2185 affects IBM Maximo Asset Management and related products (Maximo Asset Management 6.2–7.5 and associated suites) used with SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and CCMDB. The IBM bulletin documents information ...

CVE-2011-4819

Multiple cross-site scripting XSS vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to 1 maximo.jsp or 2 the default URI under ui/...

CVE-2011-4817

The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management...

CVE-2012-0195

Cross-site scripting XSS vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service...

CVE-2011-4816

SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and...

CVE-2011-4818

Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component...

CVE-2011-1395

Cross-site scripting XSS vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter...

CVE-2011-1394

IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database CCMDB 6.2, 7.1, and 7.2 all...

CVE-2011-1396

Cross-site scripting XSS vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component...

CVE-2011-1397

Cross-site request forgery CSRF vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM...

CVE-2011-4818

Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component...

Cross site scripting

Cross-site scripting XSS vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component...

Cross site scripting

Cross-site scripting XSS vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service...