Lucene search

[email protected]NVD:CVE-2014-3025

HistoryJul 30, 2014 - 11:15 a.m.

CVE-2014-3025

2014-07-3011:15:33

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

44.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/.

Affected configurations

Nvd

Node

ibmmaximo_asset_managementMatch6.2

ibmmaximo_asset_managementMatch6.2.1

ibmmaximo_asset_managementMatch6.2.2

ibmmaximo_asset_managementMatch6.2.3

ibmmaximo_asset_managementMatch6.2.4

ibmmaximo_asset_managementMatch6.2.5

ibmmaximo_asset_managementMatch6.2.6

ibmmaximo_asset_managementMatch6.2.6.1

ibmmaximo_asset_managementMatch6.2.7

ibmmaximo_asset_managementMatch6.2.8

ibmmaximo_asset_managementMatch7.1

ibmmaximo_asset_managementMatch7.1.1

ibmmaximo_asset_managementMatch7.1.1.1

ibmmaximo_asset_managementMatch7.1.1.2

ibmmaximo_asset_managementMatch7.1.1.5

ibmmaximo_asset_managementMatch7.1.1.6

ibmmaximo_asset_managementMatch7.1.1.7

ibmmaximo_asset_managementMatch7.1.1.8

ibmmaximo_asset_managementMatch7.1.1.9

ibmmaximo_asset_managementMatch7.1.1.10

ibmmaximo_asset_managementMatch7.1.1.11

ibmmaximo_asset_managementMatch7.1.1.12

ibmmaximo_asset_managementMatch7.1.2

ibmmaximo_asset_managementMatch7.5.0.0

ibmmaximo_asset_managementMatch7.5.0.1

ibmmaximo_asset_managementMatch7.5.0.2

ibmmaximo_asset_managementMatch7.5.0.3

ibmmaximo_asset_managementMatch7.5.0.4

ibmmaximo_asset_managementMatch7.5.0.5

ibmmaximo_asset_managementMatch7.5.0.6

ibmmaximo_asset_managementMatch7.5.0.10

ibmmaximo_asset_management_essentialsRange≤7.5.0.6

ibmmaximo_asset_management_essentialsMatch6.2.0.0

ibmmaximo_asset_management_essentialsMatch7.1

ibmmaximo_asset_management_essentialsMatch7.5.0.0

ibmmaximo_asset_management_essentialsMatch7.5.0.1

ibmmaximo_asset_management_essentialsMatch7.5.0.2

ibmmaximo_asset_management_essentialsMatch7.5.0.3

ibmmaximo_asset_management_essentialsMatch7.5.0.4

ibmmaximo_asset_management_essentialsMatch7.5.0.5

ibmmaximo_for_governmentRange≤7.5.0.6

ibmmaximo_for_governmentMatch7.1

ibmmaximo_for_governmentMatch7.5.0.0

ibmmaximo_for_governmentMatch7.5.0.1

ibmmaximo_for_governmentMatch7.5.0.2

ibmmaximo_for_governmentMatch7.5.0.3

ibmmaximo_for_governmentMatch7.5.0.4

ibmmaximo_for_governmentMatch7.5.0.5

ibmmaximo_for_life_sciencesRange≤7.5.0.6

ibmmaximo_for_life_sciencesMatch7.1

ibmmaximo_for_life_sciencesMatch7.5.0.0

ibmmaximo_for_life_sciencesMatch7.5.0.1

ibmmaximo_for_life_sciencesMatch7.5.0.2

ibmmaximo_for_life_sciencesMatch7.5.0.3

ibmmaximo_for_life_sciencesMatch7.5.0.4

ibmmaximo_for_life_sciencesMatch7.5.0.5

ibmmaximo_for_nuclear_powerRange≤7.5.0.6

ibmmaximo_for_nuclear_powerMatch7.1

ibmmaximo_for_nuclear_powerMatch7.5.0.0

ibmmaximo_for_nuclear_powerMatch7.5.0.1

ibmmaximo_for_nuclear_powerMatch7.5.0.2

ibmmaximo_for_nuclear_powerMatch7.5.0.3

ibmmaximo_for_nuclear_powerMatch7.5.0.4

ibmmaximo_for_nuclear_powerMatch7.5.0.5

ibmmaximo_for_oil_and_gasRange≤7.5.0.6

ibmmaximo_for_oil_and_gasMatch7.1

ibmmaximo_for_oil_and_gasMatch7.5.0.0

ibmmaximo_for_oil_and_gasMatch7.5.0.1

ibmmaximo_for_oil_and_gasMatch7.5.0.2

ibmmaximo_for_oil_and_gasMatch7.5.0.3

ibmmaximo_for_oil_and_gasMatch7.5.0.4

ibmmaximo_for_oil_and_gasMatch7.5.0.5

ibmmaximo_for_transportationRange≤7.5.0.6

ibmmaximo_for_transportationMatch7.1

ibmmaximo_for_transportationMatch7.5.0.0

ibmmaximo_for_transportationMatch7.5.0.1

ibmmaximo_for_transportationMatch7.5.0.2

ibmmaximo_for_transportationMatch7.5.0.3

ibmmaximo_for_transportationMatch7.5.0.4

ibmmaximo_for_transportationMatch7.5.0.5

ibmmaximo_for_utilitiesRange≤7.5.0.6

ibmmaximo_for_utilitiesMatch7.1

ibmmaximo_for_utilitiesMatch7.5.0.0

ibmmaximo_for_utilitiesMatch7.5.0.1

ibmmaximo_for_utilitiesMatch7.5.0.2

ibmmaximo_for_utilitiesMatch7.5.0.3

ibmmaximo_for_utilitiesMatch7.5.0.4

ibmmaximo_for_utilitiesMatch7.5.0.5

ibmmaximo_service_deskRange≤6.2.8

ibmsmartcloud_control_deskRange≤7.5.0.6

ibmsmartcloud_control_deskMatch7.5

ibmsmartcloud_control_deskMatch7.5.0.0

ibmsmartcloud_control_deskMatch7.5.0.1

ibmsmartcloud_control_deskMatch7.5.0.2

ibmsmartcloud_control_deskMatch7.5.0.3

ibmsmartcloud_control_deskMatch7.5.1.0

ibmsmartcloud_control_deskMatch7.5.1.1

ibmsmartcloud_control_deskMatch7.5.1.2

ibmtivoli_it_asset_management_for_itRange≤6.2.8

VendorProductVersionCPE
ibmmaximo_asset_management6.2cpe:2.3:a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*
ibmmaximo_asset_management6.2.1cpe:2.3:a:ibm:maximo_asset_management:6.2.1:*:*:*:*:*:*:*
ibmmaximo_asset_management6.2.2cpe:2.3:a:ibm:maximo_asset_management:6.2.2:*:*:*:*:*:*:*
ibmmaximo_asset_management6.2.3cpe:2.3:a:ibm:maximo_asset_management:6.2.3:*:*:*:*:*:*:*
ibmmaximo_asset_management6.2.4cpe:2.3:a:ibm:maximo_asset_management:6.2.4:*:*:*:*:*:*:*
ibmmaximo_asset_management6.2.5cpe:2.3:a:ibm:maximo_asset_management:6.2.5:*:*:*:*:*:*:*
ibmmaximo_asset_management6.2.6cpe:2.3:a:ibm:maximo_asset_management:6.2.6:*:*:*:*:*:*:*
ibmmaximo_asset_management6.2.6.1cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:*:*:*:*:*:*:*
ibmmaximo_asset_management6.2.7cpe:2.3:a:ibm:maximo_asset_management:6.2.7:*:*:*:*:*:*:*
ibmmaximo_asset_management6.2.8cpe:2.3:a:ibm:maximo_asset_management:6.2.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	maximo_asset_management	6.2	cpe:2.3:a:ibm:maximo_asset_management:6.2:::::::*
ibm	maximo_asset_management	6.2.1	cpe:2.3:a:ibm:maximo_asset_management:6.2.1:::::::*
ibm	maximo_asset_management	6.2.2	cpe:2.3:a:ibm:maximo_asset_management:6.2.2:::::::*
ibm	maximo_asset_management	6.2.3	cpe:2.3:a:ibm:maximo_asset_management:6.2.3:::::::*
ibm	maximo_asset_management	6.2.4	cpe:2.3:a:ibm:maximo_asset_management:6.2.4:::::::*
ibm	maximo_asset_management	6.2.5	cpe:2.3:a:ibm:maximo_asset_management:6.2.5:::::::*
ibm	maximo_asset_management	6.2.6	cpe:2.3:a:ibm:maximo_asset_management:6.2.6:::::::*
ibm	maximo_asset_management	6.2.6.1	cpe:2.3:a:ibm:maximo_asset_management:6.2.6.1:::::::*
ibm	maximo_asset_management	6.2.7	cpe:2.3:a:ibm:maximo_asset_management:6.2.7:::::::*
ibm	maximo_asset_management	6.2.8	cpe:2.3:a:ibm:maximo_asset_management:6.2.8:::::::*

Rows per page:

1-10 of 991

References

secunia.com/advisories/59570

secunia.com/advisories/59640

www-01.ibm.com/support/docview.wss?uid=swg1IV57241

www-01.ibm.com/support/docview.wss?uid=swg21678754

exchange.xforce.ibmcloud.com/vulnerabilities/93064

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

44.2%

JSON

Related for NVD:CVE-2014-3025

prion1 cvelist1 ibm1 cve1