Vulnerability Details CVE-2022-35645
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230958.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.3%
CVSS Severity
CVSS v3 Score 6.4
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/230958
- https://www.ibm.com/support/pages/node/6959353
- https://www.ibm.com/support/pages/node/6959355
- https://exchange.xforce.ibmcloud.com/vulnerabilities/230958
- https://www.ibm.com/support/pages/node/6959353
- https://www.ibm.com/support/pages/node/6959355
Products affected by CVE-2022-35645
-
cpe:2.3:a:ibm:maximo_application_suite:8.8.0
-
cpe:2.3:a:ibm:maximo_application_suite:8.9.0
-
cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1
-
cpe:2.3:a:ibm:maximo_asset_management:7.6.1.2
-
cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3