What is the severity of CVE-2015-0109?

CVE-2015-0109 is rated as a medium severity vulnerability due to the potential for remote authenticated users to inject web scripts or HTML.

How do I fix CVE-2015-0109?

To fix CVE-2015-0109, upgrade to the latest version of IBM Maximo Asset Management or apply any recommended patches provided by IBM.

What are the affected versions by CVE-2015-0109?

CVE-2015-0109 affects IBM Maximo Asset Management versions 7.1 through 7.1.1.8 and 7.2, along with certain Tivoli IT Asset Management products.

Who is vulnerable to CVE-2015-0109?

Remote authenticated users of IBM Maximo Asset Management and Tivoli IT Asset Management products are vulnerable to CVE-2015-0109.

What kind of attacks can CVE-2015-0109 lead to?

CVE-2015-0109 can lead to cross-site scripting (XSS) attacks, allowing attackers to inject arbitrary scripts into web pages viewed by other users.

Vulnerability/
CVE-2015-0109

low

3.5

CWE

18/2/2015

6/8/2024

CVE-2015-0109: XSS

First published: Wed Feb 18 2015(Updated: )

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0108.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
Ibm Change And Configuration Management Database	=7.1
Ibm Change And Configuration Management Database	=7.2
IBM Maximo Asset Management	=7.1
IBM Maximo Asset Management	=7.1.1
IBM Maximo Asset Management	=7.1.1.1
IBM Maximo Asset Management	=7.1.1.2
IBM Maximo Asset Management	=7.1.1.5
IBM Maximo Asset Management	=7.1.1.6
IBM Maximo Asset Management	=7.1.1.7
IBM Maximo Asset Management	=7.1.1.8
Ibm Maximo Asset Management Essentials	=7.1
Ibm Maximo For Government	=7.1
Ibm Maximo For Life Sciences	=7.1
Ibm Maximo For Nuclear Power	=7.1
Ibm Maximo For Oil And Gas	=7.1
Ibm Maximo For Transportation	=7.1
Ibm Maximo For Utilities	=7.1
IBM Tivoli Asset Management for IT	=7.1
IBM Tivoli Asset Management for IT	=7.2
Ibm Tivoli Service Request Manager	=7.1
Ibm Tivoli Service Request Manager	=7.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-0109?
CVE-2015-0109 is rated as a medium severity vulnerability due to the potential for remote authenticated users to inject web scripts or HTML.
How do I fix CVE-2015-0109?
To fix CVE-2015-0109, upgrade to the latest version of IBM Maximo Asset Management or apply any recommended patches provided by IBM.
What are the affected versions by CVE-2015-0109?
CVE-2015-0109 affects IBM Maximo Asset Management versions 7.1 through 7.1.1.8 and 7.2, along with certain Tivoli IT Asset Management products.
Who is vulnerable to CVE-2015-0109?
Remote authenticated users of IBM Maximo Asset Management and Tivoli IT Asset Management products are vulnerable to CVE-2015-0109.
What kind of attacks can CVE-2015-0109 lead to?
CVE-2015-0109 can lead to cross-site scripting (XSS) attacks, allowing attackers to inject arbitrary scripts into web pages viewed by other users.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/author
agent/weakness
agent/description
agent/event
agent/tags
agent/first-publish-date
agent/source
vendor/ibm
canonical/ibm change and configuration management database
version/ibm change and configuration management database/7.1
version/ibm change and configuration management database/7.2
canonical/ibm maximo asset management
version/ibm maximo asset management/7.1
version/ibm maximo asset management/7.1.1
version/ibm maximo asset management/7.1.1.1
version/ibm maximo asset management/7.1.1.2
version/ibm maximo asset management/7.1.1.5
version/ibm maximo asset management/7.1.1.6
version/ibm maximo asset management/7.1.1.7
version/ibm maximo asset management/7.1.1.8
canonical/ibm maximo asset management essentials
version/ibm maximo asset management essentials/7.1
canonical/ibm maximo for government
version/ibm maximo for government/7.1
canonical/ibm maximo for life sciences
version/ibm maximo for life sciences/7.1
canonical/ibm maximo for nuclear power
version/ibm maximo for nuclear power/7.1
canonical/ibm maximo for oil and gas
version/ibm maximo for oil and gas/7.1
canonical/ibm maximo for transportation
version/ibm maximo for transportation/7.1
canonical/ibm maximo for utilities
version/ibm maximo for utilities/7.1
canonical/ibm tivoli asset management for it
version/ibm tivoli asset management for it/7.1
version/ibm tivoli asset management for it/7.2
canonical/ibm tivoli service request manager
version/ibm tivoli service request manager/7.1
version/ibm tivoli service request manager/7.2