How does CVE-2019-4429 impact IBM Maximo Asset Management?

CVE-2019-4429 allows an attacker to potentially alter the intended functionality of IBM Maximo Asset Management and disclose credentials within a trusted session.

What is the severity of CVE-2019-4429?

CVE-2019-4429 has a severity rating of medium with a CVSS score of 5.4.

How can I fix CVE-2019-4429?

To fix CVE-2019-4429, upgrade to a patched version of IBM Maximo Asset Management 7.6.2 or later.

Where can I find more information about CVE-2019-4429?

More information about CVE-2019-4429 can be found in the IBM Security Bulletin and IBM X-Force Exchange.

Vulnerability/
CVE-2019-4429

medium

5.4

CWE

6/2/2020

18/2/2020

4/8/2024

CVE-2019-4429: XSS

Q: What is CVE-2019-4429?

CVE-2019-4429 is a vulnerability in IBM Maximo Asset Management 7.6.0 and 7.6.1 that allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session.

First published: Thu Feb 06 2020(Updated: )

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Control Desk	=7.6.1
IBM Control Desk	=7.6.1.1
IBM Maximo Anywhere	=7.6.0.0
IBM Maximo Anywhere	=7.6.1.0
Ibm Maximo For Aviation	=7.6.6
Ibm Maximo For Aviation	=7.6.7
Ibm Maximo For Aviation	=7.6.8
Ibm Maximo For Life Sciences	=7.6
Ibm Maximo For Nuclear Power	=7.6.1
Ibm Maximo For Oil And Gas	=7.6.1
Ibm Maximo For Transportation	=7.6.2.3
Ibm Maximo For Transportation	=7.6.2.4
Ibm Maximo For Transportation	=7.6.2.5
Ibm Maximo For Utilities	=7.6.0.1
Ibm Maximo For Utilities	=7.6.0.2
IBM SmartCloud Control Desk
IBM Maximo Asset Management	=7.6.0.1
IBM Maximo Asset Management	=7.6.0.2
IBM Maximo Asset Management	<=7.6.0
IBM Maximo Asset Management	<=7.6.1

Remedy

https://www.ibm.com/support/pages/node/1489053

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-1489053

Frequently Asked Questions

What is CVE-2019-4429?
CVE-2019-4429 is a vulnerability in IBM Maximo Asset Management 7.6.0 and 7.6.1 that allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session.
How does CVE-2019-4429 impact IBM Maximo Asset Management?
CVE-2019-4429 allows an attacker to potentially alter the intended functionality of IBM Maximo Asset Management and disclose credentials within a trusted session.
What is the severity of CVE-2019-4429?
CVE-2019-4429 has a severity rating of medium with a CVSS score of 5.4.
How can I fix CVE-2019-4429?
To fix CVE-2019-4429, upgrade to a patched version of IBM Maximo Asset Management 7.6.2 or later.
Where can I find more information about CVE-2019-4429?
More information about CVE-2019-4429 can be found in the IBM Security Bulletin and IBM X-Force Exchange.

collector/nvd-index
agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
agent/remedy
agent/author
agent/severity
agent/softwarecombine
agent/tags
agent/description
agent/first-publish-date
agent/event
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm control desk
version/ibm control desk/7.6.1
version/ibm control desk/7.6.1.1
canonical/ibm maximo anywhere
version/ibm maximo anywhere/7.6.0.0
version/ibm maximo anywhere/7.6.1.0
canonical/ibm maximo for aviation
version/ibm maximo for aviation/7.6.6
version/ibm maximo for aviation/7.6.7
version/ibm maximo for aviation/7.6.8
canonical/ibm maximo for life sciences
version/ibm maximo for life sciences/7.6
canonical/ibm maximo for nuclear power
version/ibm maximo for nuclear power/7.6.1
canonical/ibm maximo for oil and gas
version/ibm maximo for oil and gas/7.6.1
canonical/ibm maximo for transportation
version/ibm maximo for transportation/7.6.2.3
version/ibm maximo for transportation/7.6.2.4
version/ibm maximo for transportation/7.6.2.5
canonical/ibm maximo for utilities
version/ibm maximo for utilities/7.6.0.1
version/ibm maximo for utilities/7.6.0.2
canonical/ibm smartcloud control desk
canonical/ibm maximo asset management
version/ibm maximo asset management/7.6.0.1
version/ibm maximo asset management/7.6.0.2
version/ibm maximo asset management/7.6.0
version/ibm maximo asset management/7.6.1