| Vulnerability Name: | CVE-2016-5905 (CCN-115522) | ||||||||||||
| Assigned: | 2016-09-30 | ||||||||||||
| Published: | 2016-09-30 | ||||||||||||
| Updated: | 2016-11-30 | ||||||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||||||||||
| CVSS v3 Severity: | 5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) 5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-79 | ||||||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2016-5905 Source: CONFIRM Type: Patch, Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21988253 Source: CCN Type: IBM Security Bulletin 1988253 (Maximo Asset Management) IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2016-5905) Source: BID Type: Third Party Advisory, VDB Entry 93871 Source: CCN Type: BID-93871 IBM Maximo Asset Management CVE-2016-5905 Cross Site Scripting Vulnerability Source: XF Type: UNKNOWN ibm-maximo-cve20165905-xss(115522) | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||