CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Ibm: >> Maximo Asset Management >> 7.5 Security Vulnerabilities

CVE-2011-1396

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component.

CVSS Score

4.3

EPSS Score

0.003

Published

2012-03-13

CVE-2011-1397

Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users.

CVSS Score

6.8

EPSS Score

0.002

Published

2012-03-13

Page 4

Vulnerabilities

Vulnerable Software

Ibm: >> Maximo Asset Management >> 7.5 Security Vulnerabilities

Products

Pricing

Contact Us