| Vulnerability Name: | CVE-2012-0746 (CCN-74726) | ||||||||
| Assigned: | 2012-09-04 | ||||||||
| Published: | 2012-09-04 | ||||||||
| Updated: | 2017-08-29 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||||||
| CVSS v3 Severity: | 2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2012-0746 Source: CCN Type: SA50551 IBM Maximo Asset Management Products Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 50551 Source: AIXAPAR Type: UNKNOWN IV17961 Source: CCN Type: IBM Security Bulletin 1610081 Security Vulnerabilities Addressed in Asset and Service Mgmt Source: CONFIRM Type: UNKNOWN http://www-01.ibm.com/support/docview.wss?uid=swg21610081 Source: XF Type: UNKNOWN multiple-ibm-url-xss(74726) Source: XF Type: UNKNOWN ibm-maximo-xss-iv17961(74726) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||