CVE-2022-35714
First published: Fri Jul 15 2022(Updated: )
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231116.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Maximo Asset Management | =7.6.1.1 | |
| IBM Maximo Asset Management | =7.6.1.2 | |
| IBM Maximo Asset Management | <=7.6.1.2 | |
| IBM Maximo Asset Management | <=7.6.1.1 | |
| IBM Manage Component | <=8.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2022-35714.
What is the severity of CVE-2022-35714?
The severity of CVE-2022-35714 is medium with a score of 5.4.
How does CVE-2022-35714 affect IBM Maximo Asset Management?
CVE-2022-35714 affects IBM Maximo Asset Management versions 7.6.1.1 and 7.6.1.2.
What is cross-site scripting (XSS)?
Cross-site scripting (XSS) is a vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
How can CVE-2022-35714 be fixed?
To fix CVE-2022-35714, update IBM Maximo Asset Management to a version that is not affected by the vulnerability.
- collector/nvd-index
- collector/ibm-support
- vendor/ibm
- product/maximo asset management
- canonical/ibm maximo asset management
- product/manage component
- canonical/ibm manage component