CVE-2012-0746: XSS
First published: Mon Sep 10 2012(Updated: )
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Tivoli Change and Configuration Management Database | =6.0 | |
| IBM Tivoli Change and Configuration Management Database | =7.0 | |
| IBM Maximo Asset Management | =7.5.0.0 | |
| IBM Maximo Service Desk | =6.2 | |
| IBM Control Desk | =7.0 | |
| IBM Tivoli IT Asset Management for IT | =6.0 | |
| IBM Tivoli IT Asset Management for IT | =6.2 | |
| IBM Tivoli IT Asset Management for IT | =7.0 | |
| IBM Tivoli IT Asset Management for IT | =7.1 | |
| IBM Tivoli IT Asset Management for IT | =7.2 | |
| Ibm Tivoli Service Request Manager | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-0746?
CVE-2012-0746 is classified as a medium-severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2012-0746?
To mitigate CVE-2012-0746, update your IBM Maximo Asset Management and related applications to the latest version that addresses this vulnerability.
Which products are affected by CVE-2012-0746?
CVE-2012-0746 affects IBM Maximo Asset Management 7.5 and several related products such as IBM SmartCloud Control Desk and Tivoli Asset Management.
Who is at risk from CVE-2012-0746?
Remote authenticated users who interact with the affected IBM products may be at risk from CVE-2012-0746.
What impact does CVE-2012-0746 have?
CVE-2012-0746 could allow an attacker to inject malicious scripts into web pages viewed by other users.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm tivoli change and configuration management database
- version/ibm tivoli change and configuration management database/6.0
- version/ibm tivoli change and configuration management database/7.0
- canonical/ibm maximo asset management
- version/ibm maximo asset management/7.5.0.0
- canonical/ibm maximo service desk
- version/ibm maximo service desk/6.2
- canonical/ibm control desk
- version/ibm control desk/7.0
- canonical/ibm tivoli it asset management for it
- version/ibm tivoli it asset management for it/6.0
- version/ibm tivoli it asset management for it/6.2
- version/ibm tivoli it asset management for it/7.0
- version/ibm tivoli it asset management for it/7.1
- version/ibm tivoli it asset management for it/7.2
- canonical/ibm tivoli service request manager
- version/ibm tivoli service request manager/7.0