CVE-2019-4749: XSS
First published: Thu Apr 16 2020(Updated: )
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Maximo Asset Management | <=7.6.1.1 | |
| IBM Control Desk | =7.6.1 | |
| IBM Control Desk | =7.6.1.1 | |
| IBM Maximo Asset Management | =7.6.6 | |
| IBM Maximo Asset Management | =7.6.7 | |
| IBM Maximo Asset Management | =7.6.7.1 | |
| IBM Maximo Asset Management | =7.6.1 | |
| IBM Maximo Asset Management | =7.6.1.1 | |
| IBM Maximo Asset Management | =7.6.1.1 | |
| Ibm Maximo Asset Management Scheduler | =7.6.7 | |
| Ibm Maximo Asset Management Scheduler | =7.6.7.1 | |
| Ibm Maximo Asset Management Scheduler | =7.6.7.3 | |
| Ibm Maximo Asset Management Scheduler Plus | =7.6.7 | |
| Ibm Maximo Asset Management Scheduler Plus | =7.6.7.1 | |
| Ibm Maximo Asset Management Scheduler Plus | =7.6.7.3 | |
| IBM Maximo Asset Management | =7.6 | |
| IBM Maximo Asset Management | =7.6 | |
| IBM Maximo Asset Management | =7.6.1 | |
| IBM Maximo Asset Management | ||
| Ibm Maximo For Aviation | =7.6.6 | |
| Ibm Maximo For Aviation | =7.6.7 | |
| Ibm Maximo For Aviation | =7.6.8 | |
| Ibm Maximo For Life Sciences | =7.6 | |
| Ibm Maximo For Nuclear Power | =7.6.1 | |
| Ibm Maximo For Oil And Gas | =7.6.1 | |
| Ibm Maximo For Service Providers | =7.6.3.1 | |
| Ibm Maximo For Service Providers | =7.6.3.2 | |
| Ibm Maximo For Service Providers | =7.6.3.3 | |
| Ibm Maximo For Transportation | =7.6.2.3 | |
| Ibm Maximo For Transportation | =7.6.2.4 | |
| Ibm Maximo For Transportation | =7.6.2.5 | |
| Ibm Maximo For Utilities | =7.6.0.1 | |
| Ibm Maximo For Utilities | =7.6.0.2 | |
| IBM Maximo Asset Management | =7.6.0.1 | |
| IBM Maximo Asset Management | =7.6.0.2 | |
| IBM Maximo Asset Management | =7.6.0.3 | |
| Ibm Maximo Network On Blockchain | =7.6.0.0 | |
| Ibm Maximo Network On Blockchain | =7.6.0.1 | |
| IBM Maximo Spatial Asset Management | =7.6.0.2 | |
| IBM Maximo Spatial Asset Management | =7.6.0.3 | |
| IBM Maximo Spatial Asset Management | =7.6.0.4 | |
| IBM Maximo Spatial Asset Management | =7.6.0.5 | |
| IBM Maximo Asset Management | =7.6.0.1 | |
| IBM Maximo Asset Management | =7.6.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for IBM Maximo Asset Management?
The vulnerability ID for IBM Maximo Asset Management is CVE-2019-4749.
What is the severity of CVE-2019-4749?
The severity of CVE-2019-4749 is medium.
How does CVE-2019-4749 impact IBM Maximo Asset Management?
CVE-2019-4749 allows users to embed arbitrary JavaScript code in the Web UI of IBM Maximo Asset Management, potentially leading to credentials disclosure within a trusted session.
Which versions of IBM Maximo Asset Management are affected by CVE-2019-4749?
Versions up to and including 7.6.1.1 of IBM Maximo Asset Management are affected by CVE-2019-4749.
How can I fix the cross-site scripting vulnerability in IBM Maximo Asset Management?
To fix the cross-site scripting vulnerability in IBM Maximo Asset Management, update to a version that is not affected by CVE-2019-4749.
- collector/ibm-support
- collector/nvd-index
- vendor/ibm
- canonical/ibm maximo asset management
- version/ibm maximo asset management/7.6.1.1
- canonical/ibm control desk
- version/ibm control desk/7.6.1
- version/ibm control desk/7.6.1.1
- version/ibm maximo asset management/7.6.6
- version/ibm maximo asset management/7.6.7
- version/ibm maximo asset management/7.6.7.1
- version/ibm maximo asset management/7.6.1
- canonical/ibm maximo asset management scheduler
- version/ibm maximo asset management scheduler/7.6.7
- version/ibm maximo asset management scheduler/7.6.7.1
- version/ibm maximo asset management scheduler/7.6.7.3
- canonical/ibm maximo asset management scheduler plus
- version/ibm maximo asset management scheduler plus/7.6.7
- version/ibm maximo asset management scheduler plus/7.6.7.1
- version/ibm maximo asset management scheduler plus/7.6.7.3
- version/ibm maximo asset management/7.6
- canonical/ibm maximo for aviation
- version/ibm maximo for aviation/7.6.6
- version/ibm maximo for aviation/7.6.7
- version/ibm maximo for aviation/7.6.8
- canonical/ibm maximo for life sciences
- version/ibm maximo for life sciences/7.6
- canonical/ibm maximo for nuclear power
- version/ibm maximo for nuclear power/7.6.1
- canonical/ibm maximo for oil and gas
- version/ibm maximo for oil and gas/7.6.1
- canonical/ibm maximo for service providers
- version/ibm maximo for service providers/7.6.3.1
- version/ibm maximo for service providers/7.6.3.2
- version/ibm maximo for service providers/7.6.3.3
- canonical/ibm maximo for transportation
- version/ibm maximo for transportation/7.6.2.3
- version/ibm maximo for transportation/7.6.2.4
- version/ibm maximo for transportation/7.6.2.5
- canonical/ibm maximo for utilities
- version/ibm maximo for utilities/7.6.0.1
- version/ibm maximo for utilities/7.6.0.2
- version/ibm maximo asset management/7.6.0.1
- version/ibm maximo asset management/7.6.0.2
- version/ibm maximo asset management/7.6.0.3
- canonical/ibm maximo network on blockchain
- version/ibm maximo network on blockchain/7.6.0.0
- version/ibm maximo network on blockchain/7.6.0.1
- canonical/ibm maximo spatial asset management
- version/ibm maximo spatial asset management/7.6.0.2
- version/ibm maximo spatial asset management/7.6.0.3
- version/ibm maximo spatial asset management/7.6.0.4
- version/ibm maximo spatial asset management/7.6.0.5