Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0108

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2015-0108
Last Modified 18 Feb 2015 01:34:19
Published 17 Feb 2015 09:59:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-0108

Summary

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109.

Vulnerable Systems

Application

  • Ibm Change And Configuration Management Database 7.1

  • Ibm Change And Configuration Management Database 7.2

  • Ibm Maximo Asset Management 7.1

  • Ibm Maximo Asset Management 7.1.1

  • Ibm Maximo Asset Management 7.1.1.1

  • Ibm Maximo Asset Management 7.1.1.2

  • Ibm Maximo Asset Management 7.1.1.5

  • Ibm Maximo Asset Management 7.1.1.6

  • Ibm Maximo Asset Management 7.1.1.7

  • Ibm Maximo Asset Management 7.1.1.8

  • Ibm Maximo Asset Management Essentials 7.1

  • Ibm Maximo For Government 7.1

  • Ibm Maximo For Life Sciences 7.1

  • Ibm Maximo For Nuclear Power 7.1

  • Ibm Maximo For Oil And Gas 7.1

  • Ibm Maximo For Transportation 7.1

  • Ibm Maximo For Utilities 7.1

  • Ibm Tivoli Asset Management For It 7.1

  • Ibm Tivoli Asset Management For It 7.2

  • Ibm Tivoli Service Request Manager 7.1

  • Ibm Tivoli Service Request Manager 7.2


References

XF - ibm-tsam-cve20150108-xss(99605)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21694974


Last Updated: 27 May 2016 11:07:52