Vulnerability Details CVE-2016-6072
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.5%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2016-6072
-
cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0
-
cpe:2.3:a:ibm:maximo_for_aviation:-
-
cpe:2.3:a:ibm:maximo_for_life_sciences:-
-
cpe:2.3:a:ibm:maximo_for_nuclear_power:-
-
cpe:2.3:a:ibm:maximo_for_oil_and_gas:-
-
cpe:2.3:a:ibm:maximo_for_transportation:-
-
cpe:2.3:a:ibm:maximo_for_utilities:-
-
cpe:2.3:a:ibm:smartcloud_control_desk:-
-
cpe:2.3:a:ibm:tivoli_asset_management_for_it:-
-
cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:-
-
cpe:2.3:a:ibm:tivoli_integration_composer:-
-
cpe:2.3:a:ibm:tivoli_service_request_manager:-