What is the vulnerability ID?

The vulnerability ID is CVE-2019-4486.

What is the severity of CVE-2019-4486?

The severity of CVE-2019-4486 is medium.

What software is affected by CVE-2019-4486?

IBM Maximo Asset Management versions 7.6.0.0 to 7.6.0.10 and versions 7.6.1.0 to 7.6.1.1 are affected by CVE-2019-4486.

What is the potential impact of CVE-2019-4486?

CVE-2019-4486 allows users to embed arbitrary JavaScript code in the Web UI, which can alter the intended functionality and potentially lead to credentials disclosure within a trusted session.

Where can I find more information about CVE-2019-4486?

You can find more information about CVE-2019-4486 on the IBM X-Force Exchange website.

Vulnerability/
CVE-2019-4486

medium

5.4

CWE

24/10/2019

28/10/2019

CVE-2019-4486: XSS

First published: Thu Oct 24 2019(Updated: )

IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Maximo Asset Management	>=7.6.0.0<7.6.0.10
IBM Maximo Asset Management	>=7.6.1.0<7.6.1.1
Ibm Maximo For Aviation	=7.6
Ibm Maximo For Aviation	=7.6.1
Ibm Maximo For Aviation	=7.6.2
Ibm Maximo For Aviation	=7.6.2.1
Ibm Maximo For Aviation	=7.6.3
Ibm Maximo For Life Sciences	=7.6
Ibm Maximo For Nuclear Power	=7.6.0
Ibm Maximo For Oil And Gas	=7.6.0
Ibm Maximo For Transportation	=7.6.1
Ibm Maximo For Transportation	=7.6.2
Ibm Maximo For Transportation	=7.6.2.1
Ibm Maximo For Transportation	=7.6.2.2
Ibm Maximo For Transportation	=7.6.2.3
Ibm Maximo For Transportation	=7.6.2.4
Ibm Maximo For Utilities	=7.6
IBM SmartCloud Control Desk	=7.6.0
IBM SmartCloud Control Desk	=7.6.0.1
IBM Maximo Asset Management	=7.2.0.0

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-1075023

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2019-4486.
What is the severity of CVE-2019-4486?
The severity of CVE-2019-4486 is medium.
What software is affected by CVE-2019-4486?
IBM Maximo Asset Management versions 7.6.0.0 to 7.6.0.10 and versions 7.6.1.0 to 7.6.1.1 are affected by CVE-2019-4486.
What is the potential impact of CVE-2019-4486?
CVE-2019-4486 allows users to embed arbitrary JavaScript code in the Web UI, which can alter the intended functionality and potentially lead to credentials disclosure within a trusted session.
Where can I find more information about CVE-2019-4486?
You can find more information about CVE-2019-4486 on the IBM X-Force Exchange website.

collector/ibm-support
collector/nvd-index
vendor/ibm
canonical/ibm maximo asset management
version/ibm maximo asset management/7.6.0.0
version/ibm maximo asset management/7.6.1.0
canonical/ibm maximo for aviation
version/ibm maximo for aviation/7.6
version/ibm maximo for aviation/7.6.1
version/ibm maximo for aviation/7.6.2
version/ibm maximo for aviation/7.6.2.1
version/ibm maximo for aviation/7.6.3
canonical/ibm maximo for life sciences
version/ibm maximo for life sciences/7.6
canonical/ibm maximo for nuclear power
version/ibm maximo for nuclear power/7.6.0
canonical/ibm maximo for oil and gas
version/ibm maximo for oil and gas/7.6.0
canonical/ibm maximo for transportation
version/ibm maximo for transportation/7.6.1
version/ibm maximo for transportation/7.6.2
version/ibm maximo for transportation/7.6.2.1
version/ibm maximo for transportation/7.6.2.2
version/ibm maximo for transportation/7.6.2.3
version/ibm maximo for transportation/7.6.2.4
canonical/ibm maximo for utilities
version/ibm maximo for utilities/7.6
canonical/ibm smartcloud control desk
version/ibm smartcloud control desk/7.6.0
version/ibm smartcloud control desk/7.6.0.1
version/ibm maximo asset management/7.2.0.0