IBM » Tivoli Service Request Manager : Security Vulnerabilities, CVEs, Published In 2017
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Max CVSS
5.4
EPSS Score
0.05%
Published
2017-02-01
Updated
2017-02-09
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.11%
Published
2017-04-24
Updated
2017-04-27
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors.
Max CVSS
8.8
EPSS Score
1.35%
Published
2017-04-24
Updated
2017-04-27
3 vulnerabilities found