CVE-2012-0746

CVE-2012-0746 is an in-product Cross-Site Scripting (XSS) vulnerability affecting IBM Maximo Asset Management 7.5 and related IBM products such as SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and CCMDB. The issue is described as all...

CVE-2012-0728

SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database CCMDB, allows remote authenticated users to execute...

CVE-2012-0714

IBM Maximo-related CVE-2012-0714 is a Cross-Site Request Forgery affecting Maximo Asset Management 6.2–7.5 (and related IBM products such as SmartCloud Control Desk, Tivoli AIT, Tivoli Service Request Manager, Maximo Service Desk, and CCMDB). The IBM bulletin confirms the root cause as CSRF that ...

CVE-2012-3326

Summary: CVE-2012-3326 is a Cross-Site Scripting (XSS) vulnerability affecting IBM Maximo Asset Management 7.5 and related products (SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, CCMDB). The issue arises in the web interface allowing...

CVE-2012-0727

CVE-2012-0727 is an SQL injection vulnerability affecting IBM Maximo Asset Management family (7.5, 7.1, 6.2) and related products (SmartCloud Control Desk, Tivoli AIM, Tivoli Service Request Manager, Maximo Service Desk, CCMDB). The root cause is SQL injection in certain components, allowing remo...

CVE-2012-3313

CVE-2012-3313 is an XSS vulnerability in IBM Maximo Asset Management 6.2–7.5 (and related products such as SmartCloud Control Desk, Tivoli AM for IT, TS RM, Maximo Service Desk, and CCMDB). The issue allows an attacker to inject arbitrary web script/HTML via unspecified vectors in affected deploy...

CVE-2012-2183

IBM’s advisory confirms CVE-2012-2183 is a session-fixation vulnerability affecting IBM Maximo Asset Management products (7.5, 7.1, 6.2) and related offerings (SmartCloud Control Desk, Tivoli IT/Service Request Manager, Maximo Service Desk, CCMDB). The issue originates from how web sessions are e...

CVE-2012-0747

CVE-2012-0747 is an SQL injection vulnerability affecting IBM Maximo Asset Management across versions 6.2 through 7.5 (and enabled in related products such as SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and CCMDB). The issue allows...

CVE-2012-3326

Cross-site scripting XSS vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database CCMDB, allows remote attackers to inject arbitrary w...