What is the severity of CVE-2016-5902?

CVE-2016-5902 has a critical severity rating due to its potential for cross-site scripting attacks which can lead to credential disclosure.

How do I fix CVE-2016-5902?

To fix CVE-2016-5902, apply the latest patches provided by IBM for the affected versions of Maximo Asset Management.

Which versions are affected by CVE-2016-5902?

CVE-2016-5902 affects IBM Maximo Asset Management versions 7.1, 7.5, and 7.6 and various Maximo products including aviation and utilities.

What type of attack is associated with CVE-2016-5902?

CVE-2016-5902 enables cross-site scripting (XSS) attacks, allowing attackers to inject malicious JavaScript into web pages.

Can CVE-2016-5902 lead to data theft?

Yes, due to the nature of cross-site scripting, CVE-2016-5902 can potentially lead to credential disclosure and data theft within trusted sessions.

Vulnerability/
CVE-2016-5902

medium

6.1

CWE

8/2/2017

6/8/2024

CVE-2016-5902: XSS

First published: Wed Feb 08 2017(Updated: )

IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Maximo Asset Management	=7.1
IBM Maximo Asset Management	=7.5
IBM Maximo Asset Management	=7.6
IBM Maximo for Aviation	=7.1
IBM Maximo for Aviation	=7.5
IBM Maximo for Aviation	=7.6
IBM Maximo for Energy Optimization	=7.1
IBM Maximo for Energy Optimization	=7.5
IBM Maximo for Energy Optimization	=7.6
IBM Maximo For Government	=7.1
IBM Maximo For Government	=7.5
IBM Maximo For Government	=7.6
IBM Maximo for Life Sciences	=7.1
IBM Maximo for Life Sciences	=7.5
IBM Maximo for Life Sciences	=7.6
IBM Maximo for Nuclear Power	=7.1
IBM Maximo for Nuclear Power	=7.5
IBM Maximo for Nuclear Power	=7.6
IBM Maximo for Oil and Gas	=7.1
IBM Maximo for Oil and Gas	=7.5
IBM Maximo for Oil and Gas	=7.6
IBM Maximo for Transportation	=7.1
IBM Maximo for Transportation	=7.5
IBM Maximo for Transportation	=7.6
IBM Maximo for Utilities	=7.1
IBM Maximo for Utilities	=7.5
IBM Maximo for Utilities	=7.6

Remedy

http://www.ibm.com/support/docview.wss?uid=swg21988252

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-5902?
CVE-2016-5902 has a critical severity rating due to its potential for cross-site scripting attacks which can lead to credential disclosure.
How do I fix CVE-2016-5902?
To fix CVE-2016-5902, apply the latest patches provided by IBM for the affected versions of Maximo Asset Management.
Which versions are affected by CVE-2016-5902?
CVE-2016-5902 affects IBM Maximo Asset Management versions 7.1, 7.5, and 7.6 and various Maximo products including aviation and utilities.
What type of attack is associated with CVE-2016-5902?
CVE-2016-5902 enables cross-site scripting (XSS) attacks, allowing attackers to inject malicious JavaScript into web pages.
Can CVE-2016-5902 lead to data theft?
Yes, due to the nature of cross-site scripting, CVE-2016-5902 can potentially lead to credential disclosure and data theft within trusted sessions.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/author
agent/remedy
agent/weakness
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm maximo asset management
version/ibm maximo asset management/7.1
version/ibm maximo asset management/7.5
version/ibm maximo asset management/7.6
canonical/ibm maximo for aviation
version/ibm maximo for aviation/7.1
version/ibm maximo for aviation/7.5
version/ibm maximo for aviation/7.6
canonical/ibm maximo for energy optimization
version/ibm maximo for energy optimization/7.1
version/ibm maximo for energy optimization/7.5
version/ibm maximo for energy optimization/7.6
canonical/ibm maximo for government
version/ibm maximo for government/7.1
version/ibm maximo for government/7.5
version/ibm maximo for government/7.6
canonical/ibm maximo for life sciences
version/ibm maximo for life sciences/7.1
version/ibm maximo for life sciences/7.5
version/ibm maximo for life sciences/7.6
canonical/ibm maximo for nuclear power
version/ibm maximo for nuclear power/7.1
version/ibm maximo for nuclear power/7.5
version/ibm maximo for nuclear power/7.6
canonical/ibm maximo for oil and gas
version/ibm maximo for oil and gas/7.1
version/ibm maximo for oil and gas/7.5
version/ibm maximo for oil and gas/7.6
canonical/ibm maximo for transportation
version/ibm maximo for transportation/7.1
version/ibm maximo for transportation/7.5
version/ibm maximo for transportation/7.6
canonical/ibm maximo for utilities
version/ibm maximo for utilities/7.1
version/ibm maximo for utilities/7.5
version/ibm maximo for utilities/7.6