CVE-2014-3025: XSS
First published: Wed Jul 30 2014(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Maximo Asset Management | =6.2 | |
| IBM Maximo Asset Management | =6.2.1 | |
| IBM Maximo Asset Management | =6.2.2 | |
| IBM Maximo Asset Management | =6.2.3 | |
| IBM Maximo Asset Management | =6.2.4 | |
| IBM Maximo Asset Management | =6.2.5 | |
| IBM Maximo Asset Management | =6.2.6 | |
| IBM Maximo Asset Management | =6.2.6.1 | |
| IBM Maximo Asset Management | =6.2.7 | |
| IBM Maximo Asset Management | =6.2.8 | |
| IBM Maximo Asset Management | =7.1 | |
| IBM Maximo Asset Management | =7.1.1 | |
| IBM Maximo Asset Management | =7.1.1.1 | |
| IBM Maximo Asset Management | =7.1.1.2 | |
| IBM Maximo Asset Management | =7.1.1.5 | |
| IBM Maximo Asset Management | =7.1.1.6 | |
| IBM Maximo Asset Management | =7.1.1.7 | |
| IBM Maximo Asset Management | =7.1.1.8 | |
| IBM Maximo Asset Management | =7.1.1.9 | |
| IBM Maximo Asset Management | =7.1.1.10 | |
| IBM Maximo Asset Management | =7.1.1.11 | |
| IBM Maximo Asset Management | =7.1.1.12 | |
| IBM Maximo Asset Management | =7.1.2 | |
| IBM Maximo Asset Management | =7.5.0.0 | |
| IBM Maximo Asset Management | =7.5.0.1 | |
| IBM Maximo Asset Management | =7.5.0.2 | |
| IBM Maximo Asset Management | =7.5.0.3 | |
| IBM Maximo Asset Management | =7.5.0.4 | |
| IBM Maximo Asset Management | =7.5.0.5 | |
| IBM Maximo Asset Management | =7.5.0.6 | |
| IBM Maximo Asset Management | =7.5.0.10 | |
| IBM Maximo Asset Management Essentials | <=7.5.0.6 | |
| IBM Maximo Asset Management Essentials | =6.2.0.0 | |
| IBM Maximo Asset Management Essentials | =7.1 | |
| IBM Maximo Asset Management Essentials | =7.5.0.0 | |
| IBM Maximo Asset Management Essentials | =7.5.0.1 | |
| IBM Maximo Asset Management Essentials | =7.5.0.2 | |
| IBM Maximo Asset Management Essentials | =7.5.0.3 | |
| IBM Maximo Asset Management Essentials | =7.5.0.4 | |
| IBM Maximo Asset Management Essentials | =7.5.0.5 | |
| IBM Maximo For Government | <=7.5.0.6 | |
| IBM Maximo For Government | =7.1 | |
| IBM Maximo For Government | =7.5.0.0 | |
| IBM Maximo For Government | =7.5.0.1 | |
| IBM Maximo For Government | =7.5.0.2 | |
| IBM Maximo For Government | =7.5.0.3 | |
| IBM Maximo For Government | =7.5.0.4 | |
| IBM Maximo For Government | =7.5.0.5 | |
| IBM Maximo for Life Sciences | <=7.5.0.6 | |
| IBM Maximo for Life Sciences | =7.1 | |
| IBM Maximo for Life Sciences | =7.5.0.0 | |
| IBM Maximo for Life Sciences | =7.5.0.1 | |
| IBM Maximo for Life Sciences | =7.5.0.2 | |
| IBM Maximo for Life Sciences | =7.5.0.3 | |
| IBM Maximo for Life Sciences | =7.5.0.4 | |
| IBM Maximo for Life Sciences | =7.5.0.5 | |
| IBM Maximo for Nuclear Power | <=7.5.0.6 | |
| IBM Maximo for Nuclear Power | =7.1 | |
| IBM Maximo for Nuclear Power | =7.5.0.0 | |
| IBM Maximo for Nuclear Power | =7.5.0.1 | |
| IBM Maximo for Nuclear Power | =7.5.0.2 | |
| IBM Maximo for Nuclear Power | =7.5.0.3 | |
| IBM Maximo for Nuclear Power | =7.5.0.4 | |
| IBM Maximo for Nuclear Power | =7.5.0.5 | |
| IBM Maximo for Oil and Gas | <=7.5.0.6 | |
| IBM Maximo for Oil and Gas | =7.1 | |
| IBM Maximo for Oil and Gas | =7.5.0.0 | |
| IBM Maximo for Oil and Gas | =7.5.0.1 | |
| IBM Maximo for Oil and Gas | =7.5.0.2 | |
| IBM Maximo for Oil and Gas | =7.5.0.3 | |
| IBM Maximo for Oil and Gas | =7.5.0.4 | |
| IBM Maximo for Oil and Gas | =7.5.0.5 | |
| IBM Maximo for Transportation | <=7.5.0.6 | |
| IBM Maximo for Transportation | =7.1 | |
| IBM Maximo for Transportation | =7.5.0.0 | |
| IBM Maximo for Transportation | =7.5.0.1 | |
| IBM Maximo for Transportation | =7.5.0.2 | |
| IBM Maximo for Transportation | =7.5.0.3 | |
| IBM Maximo for Transportation | =7.5.0.4 | |
| IBM Maximo for Transportation | =7.5.0.5 | |
| IBM Maximo for Utilities | <=7.5.0.6 | |
| IBM Maximo for Utilities | =7.1 | |
| IBM Maximo for Utilities | =7.5.0.0 | |
| IBM Maximo for Utilities | =7.5.0.1 | |
| IBM Maximo for Utilities | =7.5.0.2 | |
| IBM Maximo for Utilities | =7.5.0.3 | |
| IBM Maximo for Utilities | =7.5.0.4 | |
| IBM Maximo for Utilities | =7.5.0.5 | |
| IBM Maximo Service Desk | <=6.2.8 | |
| IBM Control Desk | <=7.5.0.6 | |
| IBM Control Desk | =7.5 | |
| IBM Control Desk | =7.5.0.0 | |
| IBM Control Desk | =7.5.0.1 | |
| IBM Control Desk | =7.5.0.2 | |
| IBM Control Desk | =7.5.0.3 | |
| IBM Control Desk | =7.5.1.0 | |
| IBM Control Desk | =7.5.1.1 | |
| IBM Control Desk | =7.5.1.2 | |
| IBM Tivoli IT Asset Management for IT | <=6.2.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What are the consequences of CVE-2014-3025?
CVE-2014-3025 can lead to multiple cross-site scripting (XSS) vulnerabilities, allowing attackers to execute scripts in the context of the user's session.
What version of IBM Maximo Asset Management is affected by CVE-2014-3025?
IBM Maximo Asset Management versions 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6 are affected by CVE-2014-3025.
How do I fix CVE-2014-3025?
To fix CVE-2014-3025, apply the patches or updates provided by IBM for the affected versions of Maximo Asset Management.
Is CVE-2014-3025 a critical vulnerability?
CVE-2014-3025 is considered a high severity vulnerability due to its potential impact on user session security.
How can I prevent attacks exploiting CVE-2014-3025?
Mitigations for CVE-2014-3025 include implementing input validation, output encoding, and ensuring software is regularly updated.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/remedy
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm maximo asset management
- version/ibm maximo asset management/6.2
- version/ibm maximo asset management/6.2.1
- version/ibm maximo asset management/6.2.2
- version/ibm maximo asset management/6.2.3
- version/ibm maximo asset management/6.2.4
- version/ibm maximo asset management/6.2.5
- version/ibm maximo asset management/6.2.6
- version/ibm maximo asset management/6.2.6.1
- version/ibm maximo asset management/6.2.7
- version/ibm maximo asset management/6.2.8
- version/ibm maximo asset management/7.1
- version/ibm maximo asset management/7.1.1
- version/ibm maximo asset management/7.1.1.1
- version/ibm maximo asset management/7.1.1.2
- version/ibm maximo asset management/7.1.1.5
- version/ibm maximo asset management/7.1.1.6
- version/ibm maximo asset management/7.1.1.7
- version/ibm maximo asset management/7.1.1.8
- version/ibm maximo asset management/7.1.1.9
- version/ibm maximo asset management/7.1.1.10
- version/ibm maximo asset management/7.1.1.11
- version/ibm maximo asset management/7.1.1.12
- version/ibm maximo asset management/7.1.2
- version/ibm maximo asset management/7.5.0.0
- version/ibm maximo asset management/7.5.0.1
- version/ibm maximo asset management/7.5.0.2
- version/ibm maximo asset management/7.5.0.3
- version/ibm maximo asset management/7.5.0.4
- version/ibm maximo asset management/7.5.0.5
- version/ibm maximo asset management/7.5.0.6
- version/ibm maximo asset management/7.5.0.10
- canonical/ibm maximo asset management essentials
- version/ibm maximo asset management essentials/7.5.0.6
- version/ibm maximo asset management essentials/6.2.0.0
- version/ibm maximo asset management essentials/7.1
- version/ibm maximo asset management essentials/7.5.0.0
- version/ibm maximo asset management essentials/7.5.0.1
- version/ibm maximo asset management essentials/7.5.0.2
- version/ibm maximo asset management essentials/7.5.0.3
- version/ibm maximo asset management essentials/7.5.0.4
- version/ibm maximo asset management essentials/7.5.0.5
- canonical/ibm maximo for government
- version/ibm maximo for government/7.5.0.6
- version/ibm maximo for government/7.1
- version/ibm maximo for government/7.5.0.0
- version/ibm maximo for government/7.5.0.1
- version/ibm maximo for government/7.5.0.2
- version/ibm maximo for government/7.5.0.3
- version/ibm maximo for government/7.5.0.4
- version/ibm maximo for government/7.5.0.5
- canonical/ibm maximo for life sciences
- version/ibm maximo for life sciences/7.5.0.6
- version/ibm maximo for life sciences/7.1
- version/ibm maximo for life sciences/7.5.0.0
- version/ibm maximo for life sciences/7.5.0.1
- version/ibm maximo for life sciences/7.5.0.2
- version/ibm maximo for life sciences/7.5.0.3
- version/ibm maximo for life sciences/7.5.0.4
- version/ibm maximo for life sciences/7.5.0.5
- canonical/ibm maximo for nuclear power
- version/ibm maximo for nuclear power/7.5.0.6
- version/ibm maximo for nuclear power/7.1
- version/ibm maximo for nuclear power/7.5.0.0
- version/ibm maximo for nuclear power/7.5.0.1
- version/ibm maximo for nuclear power/7.5.0.2
- version/ibm maximo for nuclear power/7.5.0.3
- version/ibm maximo for nuclear power/7.5.0.4
- version/ibm maximo for nuclear power/7.5.0.5
- canonical/ibm maximo for oil and gas
- version/ibm maximo for oil and gas/7.5.0.6
- version/ibm maximo for oil and gas/7.1
- version/ibm maximo for oil and gas/7.5.0.0
- version/ibm maximo for oil and gas/7.5.0.1
- version/ibm maximo for oil and gas/7.5.0.2
- version/ibm maximo for oil and gas/7.5.0.3
- version/ibm maximo for oil and gas/7.5.0.4
- version/ibm maximo for oil and gas/7.5.0.5
- canonical/ibm maximo for transportation
- version/ibm maximo for transportation/7.5.0.6
- version/ibm maximo for transportation/7.1
- version/ibm maximo for transportation/7.5.0.0
- version/ibm maximo for transportation/7.5.0.1
- version/ibm maximo for transportation/7.5.0.2
- version/ibm maximo for transportation/7.5.0.3
- version/ibm maximo for transportation/7.5.0.4
- version/ibm maximo for transportation/7.5.0.5
- canonical/ibm maximo for utilities
- version/ibm maximo for utilities/7.5.0.6
- version/ibm maximo for utilities/7.1
- version/ibm maximo for utilities/7.5.0.0
- version/ibm maximo for utilities/7.5.0.1
- version/ibm maximo for utilities/7.5.0.2
- version/ibm maximo for utilities/7.5.0.3
- version/ibm maximo for utilities/7.5.0.4
- version/ibm maximo for utilities/7.5.0.5
- canonical/ibm maximo service desk
- version/ibm maximo service desk/6.2.8
- canonical/ibm control desk
- version/ibm control desk/7.5.0.6
- version/ibm control desk/7.5
- version/ibm control desk/7.5.0.0
- version/ibm control desk/7.5.0.1
- version/ibm control desk/7.5.0.2
- version/ibm control desk/7.5.0.3
- version/ibm control desk/7.5.1.0
- version/ibm control desk/7.5.1.1
- version/ibm control desk/7.5.1.2
- canonical/ibm tivoli it asset management for it
- version/ibm tivoli it asset management for it/6.2.8