First published: Tue Oct 01 2013(Updated: )
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Maximo Asset Management | =7.5.0.0 | |
IBM Maximo Asset Management | =7.5.0.1 | |
IBM Maximo Asset Management | =7.5.0.2 | |
IBM Maximo Asset Management | =6.2 | |
IBM Maximo Asset Management | =6.2.1 | |
IBM Maximo Asset Management | =6.2.2 | |
IBM Maximo Asset Management | =6.2.3 | |
IBM Maximo Asset Management | =6.2.4 | |
IBM Maximo Asset Management | =6.2.5 | |
IBM Maximo Asset Management | =6.2.6 | |
IBM Maximo Asset Management | =6.2.6.1 | |
IBM Maximo Asset Management | =6.2.7 | |
IBM Maximo Asset Management | =7.1 | |
IBM Maximo Asset Management | =7.1.1 | |
IBM Maximo Asset Management | =7.1.1.1 | |
IBM Maximo Asset Management | =7.1.1.2 | |
IBM Maximo Asset Management | =7.1.1.5 | |
IBM Maximo Asset Management | =7.1.1.6 | |
IBM Maximo Asset Management | =7.1.1.7 | |
IBM Maximo Asset Management | =7.1.1.8 | |
IBM Maximo Asset Management | =7.1.1.9 | |
IBM Maximo Asset Management | =7.1.1.10 | |
IBM Maximo Asset Management | =7.1.1.11 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The CVE-2013-3048 vulnerability is considered to have a medium severity due to its potential for cross-site scripting attacks.
To fix CVE-2013-3048, update IBM Maximo Asset Management to version 7.5.0.3 or later, or apply available patches provided by IBM.
CVE-2013-3048 affects IBM Maximo Asset Management versions 6.2 through 6.2.8 and 7.1 through 7.1.1.12, along with any versions before 7.5.0.3.
CVE-2013-3048 can enable remote authenticated users to inject arbitrary web scripts or HTML, leading to cross-site scripting (XSS) attacks.
Exploitation of CVE-2013-3048 is relatively easy for authenticated users, as it requires no special access beyond user authentication.