CVE-2012-3333

CVE-2012-3333 affects IBM Maximo Asset Management and SmartCloud Control Desk via a CRLF injection that allows HTTP header manipulation and HTTP response splitting through crafted URL parameters. Affected products include Maximo Asset Management and related variants across 7.5/7.1/6.2 lines and S...

CVE-2013-6738

Cross-site scripting XSS vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint...

CVE-2013-6738

CVE-2013-6738 is an XSS vulnerability in IBM SmartCloud Analytics Log Analysis (OAuth endpoint) and in IBM WebSphere Application Server OAuth functionality. The initial entry states that IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 prior to 1.2.0.0-CSI-SCALA-IF0003 can be exploited to inject...

CVE-2013-6738

Cross-site scripting XSS vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint...

CVE-2013-5402

Cross-site scripting XSS vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 befo...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 befo...

CVE-2013-5402

CVE-2013-5402 is a Cross-Site Scripting (XSS) vulnerability affecting IBM Maximo Asset Management and related IBM products (Asset Management Essentials, Government, Nuclear Power, Transportation, Life Sciences, Oil and Gas, Utilities; SmartCloud Control Desk; Tivoli Asset Management for IT; Tivol...

CVE-2013-5402

Cross-site scripting XSS vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 befo...

CVE-2013-5455

IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a deployer.virtualsystems.delete command...

Arbitrary file deletion

IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a deployer.virtualsystems.delete command...

CVE-2013-5455

Summary: IBM SmartCloud Provisioning 2.1 before FP3 IF0001 is vulnerable to an unaffordable remote-authenticated command that can delete or modify virtual-system deployments via the deployer.virtualsystems CLI (example: delete). The issue affects the CLI (not GUI) and can be triggered by commands...

CVE-2013-5455

IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a deployer.virtualsystems.delete command...

CVE-2012-3321

IBM SmartCloud Control Desk 7.5 allows remote authenticated users to bypass intended access restrictions via vectors involving an expired password...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management...

Cross site scripting

Cross-site scripting XSS vulnerability in the Tivoli Process Automation Engine TPAE in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk...

Design/Logic Flaw

IBM SmartCloud Control Desk 7.5 allows remote authenticated users to bypass intended access restrictions via vectors involving an expired password...

Design/Logic Flaw

IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors...

Code injection

IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation...

CVE-2012-3321

IBM SmartCloud Control Desk 7.5 allows remote authenticated users to bypass intended access restrictions via vectors involving an expired password...