CVE-2014-0915: XSS
First published: Wed Jul 30 2014(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Maximo Asset Management | =6.2 | |
| IBM Maximo Asset Management | =6.2.1 | |
| IBM Maximo Asset Management | =6.2.2 | |
| IBM Maximo Asset Management | =6.2.3 | |
| IBM Maximo Asset Management | =6.2.4 | |
| IBM Maximo Asset Management | =6.2.5 | |
| IBM Maximo Asset Management | =6.2.6 | |
| IBM Maximo Asset Management | =6.2.6.1 | |
| IBM Maximo Asset Management | =6.2.7 | |
| IBM Maximo Asset Management | =6.2.8 | |
| IBM Maximo Asset Management | =7.1 | |
| IBM Maximo Asset Management | =7.1.1 | |
| IBM Maximo Asset Management | =7.1.1.1 | |
| IBM Maximo Asset Management | =7.1.1.2 | |
| IBM Maximo Asset Management | =7.1.1.5 | |
| IBM Maximo Asset Management | =7.1.1.6 | |
| IBM Maximo Asset Management | =7.1.1.7 | |
| IBM Maximo Asset Management | =7.1.1.8 | |
| IBM Maximo Asset Management | =7.1.1.9 | |
| IBM Maximo Asset Management | =7.1.1.10 | |
| IBM Maximo Asset Management | =7.1.1.11 | |
| IBM Maximo Asset Management | =7.1.1.12 | |
| IBM Maximo Asset Management | =7.1.2 | |
| IBM Maximo Asset Management | =7.5.0.0 | |
| IBM Maximo Asset Management | =7.5.0.1 | |
| IBM Maximo Asset Management | =7.5.0.2 | |
| IBM Maximo Asset Management | =7.5.0.3 | |
| IBM Maximo Asset Management | =7.5.0.4 | |
| IBM Maximo Asset Management | =7.5.0.5 | |
| IBM Maximo Asset Management | =7.5.0.6 | |
| IBM Maximo Asset Management | =7.5.0.10 | |
| IBM Maximo Asset Management Essentials | <=7.5.0.6 | |
| IBM Maximo Asset Management Essentials | =6.2.0.0 | |
| IBM Maximo Asset Management Essentials | =7.1 | |
| IBM Maximo Asset Management Essentials | =7.5.0.0 | |
| IBM Maximo Asset Management Essentials | =7.5.0.1 | |
| IBM Maximo Asset Management Essentials | =7.5.0.2 | |
| IBM Maximo Asset Management Essentials | =7.5.0.3 | |
| IBM Maximo Asset Management Essentials | =7.5.0.4 | |
| IBM Maximo Asset Management Essentials | =7.5.0.5 | |
| IBM Maximo For Government | <=7.5.0.6 | |
| IBM Maximo For Government | =7.1 | |
| IBM Maximo For Government | =7.5.0.0 | |
| IBM Maximo For Government | =7.5.0.1 | |
| IBM Maximo For Government | =7.5.0.2 | |
| IBM Maximo For Government | =7.5.0.3 | |
| IBM Maximo For Government | =7.5.0.4 | |
| IBM Maximo For Government | =7.5.0.5 | |
| IBM Maximo for Life Sciences | <=7.5.0.6 | |
| IBM Maximo for Life Sciences | =7.1 | |
| IBM Maximo for Life Sciences | =7.5.0.0 | |
| IBM Maximo for Life Sciences | =7.5.0.1 | |
| IBM Maximo for Life Sciences | =7.5.0.2 | |
| IBM Maximo for Life Sciences | =7.5.0.3 | |
| IBM Maximo for Life Sciences | =7.5.0.4 | |
| IBM Maximo for Life Sciences | =7.5.0.5 | |
| IBM Maximo for Nuclear Power | <=7.5.0.6 | |
| IBM Maximo for Nuclear Power | =7.1 | |
| IBM Maximo for Nuclear Power | =7.5.0.0 | |
| IBM Maximo for Nuclear Power | =7.5.0.1 | |
| IBM Maximo for Nuclear Power | =7.5.0.2 | |
| IBM Maximo for Nuclear Power | =7.5.0.3 | |
| IBM Maximo for Nuclear Power | =7.5.0.4 | |
| IBM Maximo for Nuclear Power | =7.5.0.5 | |
| IBM Maximo for Oil and Gas | <=7.5.0.6 | |
| IBM Maximo for Oil and Gas | =7.1 | |
| IBM Maximo for Oil and Gas | =7.5.0.0 | |
| IBM Maximo for Oil and Gas | =7.5.0.1 | |
| IBM Maximo for Oil and Gas | =7.5.0.2 | |
| IBM Maximo for Oil and Gas | =7.5.0.3 | |
| IBM Maximo for Oil and Gas | =7.5.0.4 | |
| IBM Maximo for Oil and Gas | =7.5.0.5 | |
| IBM Maximo for Transportation | <=7.5.0.6 | |
| IBM Maximo for Transportation | =7.1 | |
| IBM Maximo for Transportation | =7.5.0.0 | |
| IBM Maximo for Transportation | =7.5.0.1 | |
| IBM Maximo for Transportation | =7.5.0.2 | |
| IBM Maximo for Transportation | =7.5.0.3 | |
| IBM Maximo for Transportation | =7.5.0.4 | |
| IBM Maximo for Transportation | =7.5.0.5 | |
| IBM Maximo for Utilities | <=7.5.0.6 | |
| IBM Maximo for Utilities | =7.1 | |
| IBM Maximo for Utilities | =7.5.0.0 | |
| IBM Maximo for Utilities | =7.5.0.1 | |
| IBM Maximo for Utilities | =7.5.0.2 | |
| IBM Maximo for Utilities | =7.5.0.3 | |
| IBM Maximo for Utilities | =7.5.0.4 | |
| IBM Maximo for Utilities | =7.5.0.5 | |
| IBM Maximo Service Desk | <=6.2.8 | |
| IBM Control Desk | <=7.5.0.6 | |
| IBM Control Desk | =7.5 | |
| IBM Control Desk | =7.5.0.0 | |
| IBM Control Desk | =7.5.0.1 | |
| IBM Control Desk | =7.5.0.2 | |
| IBM Control Desk | =7.5.0.3 | |
| IBM Control Desk | =7.5.1.0 | |
| IBM Control Desk | =7.5.1.1 | |
| IBM Control Desk | =7.5.1.2 | |
| IBM Tivoli IT Asset Management for IT | <=6.2.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/59570
- http://secunia.com/advisories/59640
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680
- http://www-01.ibm.com/support/docview.wss?uid=swg21678894
- http://www.securityfocus.com/archive/1/533110/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91884
Frequently Asked Questions
What is the severity of CVE-2014-0915?
CVE-2014-0915 is classified as a medium severity vulnerability due to its exploitation potential for cross-site scripting.
How do I fix CVE-2014-0915?
To fix CVE-2014-0915, IBM recommends applying the relevant patches and updates for affected versions of Maximo Asset Management.
What software is affected by CVE-2014-0915?
CVE-2014-0915 affects IBM Maximo Asset Management versions from 6.2 through 7.5.0.6, including Maximo for Utilities and other related products.
Can CVE-2014-0915 lead to data breaches?
Yes, the vulnerabilities in CVE-2014-0915 could potentially allow attackers to execute malicious scripts, leading to data breaches.
Is CVE-2014-0915 related to user input?
Yes, CVE-2014-0915 is related to improper handling of user input, which can enable cross-site scripting attacks.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm maximo asset management
- version/ibm maximo asset management/6.2
- version/ibm maximo asset management/6.2.1
- version/ibm maximo asset management/6.2.2
- version/ibm maximo asset management/6.2.3
- version/ibm maximo asset management/6.2.4
- version/ibm maximo asset management/6.2.5
- version/ibm maximo asset management/6.2.6
- version/ibm maximo asset management/6.2.6.1
- version/ibm maximo asset management/6.2.7
- version/ibm maximo asset management/6.2.8
- version/ibm maximo asset management/7.1
- version/ibm maximo asset management/7.1.1
- version/ibm maximo asset management/7.1.1.1
- version/ibm maximo asset management/7.1.1.2
- version/ibm maximo asset management/7.1.1.5
- version/ibm maximo asset management/7.1.1.6
- version/ibm maximo asset management/7.1.1.7
- version/ibm maximo asset management/7.1.1.8
- version/ibm maximo asset management/7.1.1.9
- version/ibm maximo asset management/7.1.1.10
- version/ibm maximo asset management/7.1.1.11
- version/ibm maximo asset management/7.1.1.12
- version/ibm maximo asset management/7.1.2
- version/ibm maximo asset management/7.5.0.0
- version/ibm maximo asset management/7.5.0.1
- version/ibm maximo asset management/7.5.0.2
- version/ibm maximo asset management/7.5.0.3
- version/ibm maximo asset management/7.5.0.4
- version/ibm maximo asset management/7.5.0.5
- version/ibm maximo asset management/7.5.0.6
- version/ibm maximo asset management/7.5.0.10
- canonical/ibm maximo asset management essentials
- version/ibm maximo asset management essentials/7.5.0.6
- version/ibm maximo asset management essentials/6.2.0.0
- version/ibm maximo asset management essentials/7.1
- version/ibm maximo asset management essentials/7.5.0.0
- version/ibm maximo asset management essentials/7.5.0.1
- version/ibm maximo asset management essentials/7.5.0.2
- version/ibm maximo asset management essentials/7.5.0.3
- version/ibm maximo asset management essentials/7.5.0.4
- version/ibm maximo asset management essentials/7.5.0.5
- canonical/ibm maximo for government
- version/ibm maximo for government/7.5.0.6
- version/ibm maximo for government/7.1
- version/ibm maximo for government/7.5.0.0
- version/ibm maximo for government/7.5.0.1
- version/ibm maximo for government/7.5.0.2
- version/ibm maximo for government/7.5.0.3
- version/ibm maximo for government/7.5.0.4
- version/ibm maximo for government/7.5.0.5
- canonical/ibm maximo for life sciences
- version/ibm maximo for life sciences/7.5.0.6
- version/ibm maximo for life sciences/7.1
- version/ibm maximo for life sciences/7.5.0.0
- version/ibm maximo for life sciences/7.5.0.1
- version/ibm maximo for life sciences/7.5.0.2
- version/ibm maximo for life sciences/7.5.0.3
- version/ibm maximo for life sciences/7.5.0.4
- version/ibm maximo for life sciences/7.5.0.5
- canonical/ibm maximo for nuclear power
- version/ibm maximo for nuclear power/7.5.0.6
- version/ibm maximo for nuclear power/7.1
- version/ibm maximo for nuclear power/7.5.0.0
- version/ibm maximo for nuclear power/7.5.0.1
- version/ibm maximo for nuclear power/7.5.0.2
- version/ibm maximo for nuclear power/7.5.0.3
- version/ibm maximo for nuclear power/7.5.0.4
- version/ibm maximo for nuclear power/7.5.0.5
- canonical/ibm maximo for oil and gas
- version/ibm maximo for oil and gas/7.5.0.6
- version/ibm maximo for oil and gas/7.1
- version/ibm maximo for oil and gas/7.5.0.0
- version/ibm maximo for oil and gas/7.5.0.1
- version/ibm maximo for oil and gas/7.5.0.2
- version/ibm maximo for oil and gas/7.5.0.3
- version/ibm maximo for oil and gas/7.5.0.4
- version/ibm maximo for oil and gas/7.5.0.5
- canonical/ibm maximo for transportation
- version/ibm maximo for transportation/7.5.0.6
- version/ibm maximo for transportation/7.1
- version/ibm maximo for transportation/7.5.0.0
- version/ibm maximo for transportation/7.5.0.1
- version/ibm maximo for transportation/7.5.0.2
- version/ibm maximo for transportation/7.5.0.3
- version/ibm maximo for transportation/7.5.0.4
- version/ibm maximo for transportation/7.5.0.5
- canonical/ibm maximo for utilities
- version/ibm maximo for utilities/7.5.0.6
- version/ibm maximo for utilities/7.1
- version/ibm maximo for utilities/7.5.0.0
- version/ibm maximo for utilities/7.5.0.1
- version/ibm maximo for utilities/7.5.0.2
- version/ibm maximo for utilities/7.5.0.3
- version/ibm maximo for utilities/7.5.0.4
- version/ibm maximo for utilities/7.5.0.5
- canonical/ibm maximo service desk
- version/ibm maximo service desk/6.2.8
- canonical/ibm control desk
- version/ibm control desk/7.5.0.6
- version/ibm control desk/7.5
- version/ibm control desk/7.5.0.0
- version/ibm control desk/7.5.0.1
- version/ibm control desk/7.5.0.2
- version/ibm control desk/7.5.0.3
- version/ibm control desk/7.5.1.0
- version/ibm control desk/7.5.1.1
- version/ibm control desk/7.5.1.2
- canonical/ibm tivoli it asset management for it
- version/ibm tivoli it asset management for it/6.2.8