Lucene search

[email protected]CVE-2012-3328

HistoryFeb 20, 2013 - 12:09 p.m.

CVE-2012-3328

2013-02-2012:09:22

CWE-79

[email protected]

web.nvd.nist.gov

ibm

maximo asset management

xss

vulnerability

web script

html

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.2%

JSON

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1, Maximo Asset Management Essentials 7.1, Tivoli Asset Management for IT 7.1 and 7.2, Tivoli Service Request Manager 7.1 and 7.2, and Change and Configuration Management Database (CCMDB) 7.1 and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden frame footer.

Affected configurations

NVD

Node

ibmchange_and_configuration_management_databaseMatch7.1.

ibmchange_and_configuration_management_databaseMatch7.2.0

ibmmaximo_asset_managementMatch7.1

ibmmaximo_asset_management_essentialsMatch7.1

ibmtivoli_asset_management_for_itMatch7.1

ibmtivoli_asset_management_for_itMatch7.2

ibmtivoli_service_request_managerMatch7.1.0

ibmtivoli_service_request_managerMatch7.1.0.0

ibmtivoli_service_request_managerMatch7.2.0.0

CPENameOperatorVersion
ibm:change_and_configuration_management_databaseibm change and configuration management databaseeq7.1.
ibm:change_and_configuration_management_databaseibm change and configuration management databaseeq7.2.0
ibm:maximo_asset_managementibm maximo asset managementeq7.1
ibm:maximo_asset_management_essentialsibm maximo asset management essentialseq7.1
ibm:tivoli_asset_management_for_itibm tivoli asset management for iteq7.1
ibm:tivoli_asset_management_for_itibm tivoli asset management for iteq7.2
ibm:tivoli_service_request_manageribm tivoli service request managereq7.1.0
ibm:tivoli_service_request_manageribm tivoli service request managereq7.1.0.0
ibm:tivoli_service_request_manageribm tivoli service request managereq7.2.0.0

CPE	Name	Operator	Version
ibm:change_and_configuration_management_database	ibm change and configuration management database	eq	7.1.
ibm:change_and_configuration_management_database	ibm change and configuration management database	eq	7.2.0
ibm:maximo_asset_management	ibm maximo asset management	eq	7.1
ibm:maximo_asset_management_essentials	ibm maximo asset management essentials	eq	7.1
ibm:tivoli_asset_management_for_it	ibm tivoli asset management for it	eq	7.1
ibm:tivoli_asset_management_for_it	ibm tivoli asset management for it	eq	7.2
ibm:tivoli_service_request_manager	ibm tivoli service request manager	eq	7.1.0
ibm:tivoli_service_request_manager	ibm tivoli service request manager	eq	7.1.0.0
ibm:tivoli_service_request_manager	ibm tivoli service request manager	eq	7.2.0.0

References

www-01.ibm.com/support/docview.wss?uid=swg1IV20823

www-01.ibm.com/support/docview.wss?uid=swg21625624

exchange.xforce.ibmcloud.com/vulnerabilities/78040

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.2%

JSON

Related for CVE-2012-3328

nvd1 prion1 cvelist1