Cross site scripting

2017-05-2616:29:00

PRIOn knowledge base

www.prio-n.com

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.7%

JSON

IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152.

CPENameOperatorVersion
maximo_asset_managementeq7.5
maximo_asset_managementeq7.6
maximo_asset_management_essentialseq7.5

Name	Operator	Version
maximo_asset_management	eq	7.5
maximo_asset_management	eq	7.6
maximo_asset_management_essentials	eq	7.5

References

www.ibm.com/support/docview.wss?uid=swg22003413

exchange.xforce.ibmcloud.com/vulnerabilities/125152