Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for tivoli_change_and_configuration_management_database by ibm

    CVE-2016-6072 (GCVE-0-2016-6072)

    Vulnerability from nvd – Published: 2017-02-01 20:00 – Updated: 2024-08-06 01:22
    VLAI
    Summary
    IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Corporation Maximo Asset Management Affected: 6.2
    Affected: 7.1
    Affected: 7.5
    Affected: 7.5.0.0
    Affected: 7.5.0.10
    Affected: 7.1.0.0
    Affected: 6.2.0.0
    Affected: 7.2
    Affected: 7.1.1
    Affected: 7.1.2
    Affected: 7.2.1
    Affected: 6.2.1
    Affected: 6.2.2
    Affected: 6.2.3
    Affected: 6.2.4
    Affected: 6.2.5
    Affected: 6.2.6
    Affected: 6.2.7
    Affected: 6.2.8
    Affected: 7.1.1.1
    Affected: 7.1.1.10
    Affected: 7.1.1.11
    Affected: 7.1.1.12
    Affected: 7.1.1.2
    Affected: 7.1.1.5
    Affected: 7.1.1.6
    Affected: 7.1.1.7
    Affected: 7.1.1.8
    Affected: 7.1.1.9
    Affected: 7.5.0.1
    Affected: 7.5.0.2
    Affected: 7.5.0.3
    Affected: 7.5.0.4
    Affected: 7.5.0.5
    Affected: 7.6
    Affected: 7.5.0
    Affected: 7.6.0
    Create a notification for this product.
    Date Public
    2017-02-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:22:18.986Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "94355",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94355"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21991893"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Maximo Asset Management",
              "vendor": "IBM Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                },
                {
                  "status": "affected",
                  "version": "7.5"
                },
                {
                  "status": "affected",
                  "version": "7.5.0.0"
                },
                {
                  "status": "affected",
                  "version": "7.5.0.10"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.0"
                },
                {
                  "status": "affected",
                  "version": "6.2.0.0"
                },
                {
                  "status": "affected",
                  "version": "7.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.2"
                },
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.4"
                },
                {
                  "status": "affected",
                  "version": "6.2.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.6"
                },
                {
                  "status": "affected",
                  "version": "6.2.7"
                },
                {
                  "status": "affected",
                  "version": "6.2.8"
                },
                {
                  "status": "affected",
                  "version": "7.1.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.1.10"
                },
                {
                  "status": "affected",
                  "version": "7.1.1.11"
                },
                {
                  "status": "affected",
                  "version": "7.1.1.12"
                },
                {
                  "status": "affected",
                  "version": "7.1.1.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.1.5"
                },
                {
                  "status": "affected",
                  "version": "7.1.1.6"
                },
                {
                  "status": "affected",
                  "version": "7.1.1.7"
                },
                {
                  "status": "affected",
                  "version": "7.1.1.8"
                },
                {
                  "status": "affected",
                  "version": "7.1.1.9"
                },
                {
                  "status": "affected",
                  "version": "7.5.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.5.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.5.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.0.4"
                },
                {
                  "status": "affected",
                  "version": "7.5.0.5"
                },
                {
                  "status": "affected",
                  "version": "7.6"
                },
                {
                  "status": "affected",
                  "version": "7.5.0"
                },
                {
                  "status": "affected",
                  "version": "7.6.0"
                }
              ]
            }
          ],
          "datePublic": "2017-02-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-02-02T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "94355",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94355"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21991893"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-6072",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Maximo Asset Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.2"
                              },
                              {
                                "version_value": "7.1"
                              },
                              {
                                "version_value": "7.5"
                              },
                              {
                                "version_value": "7.5.0.0"
                              },
                              {
                                "version_value": "7.5.0.10"
                              },
                              {
                                "version_value": "7.1.0.0"
                              },
                              {
                                "version_value": "6.2.0.0"
                              },
                              {
                                "version_value": "7.2"
                              },
                              {
                                "version_value": "7.1.1"
                              },
                              {
                                "version_value": "7.1.2"
                              },
                              {
                                "version_value": "7.2.1"
                              },
                              {
                                "version_value": "6.2.1"
                              },
                              {
                                "version_value": "6.2.2"
                              },
                              {
                                "version_value": "6.2.3"
                              },
                              {
                                "version_value": "6.2.4"
                              },
                              {
                                "version_value": "6.2.5"
                              },
                              {
                                "version_value": "6.2.6"
                              },
                              {
                                "version_value": "6.2.7"
                              },
                              {
                                "version_value": "6.2.8"
                              },
                              {
                                "version_value": "7.1.1.1"
                              },
                              {
                                "version_value": "7.1.1.10"
                              },
                              {
                                "version_value": "7.1.1.11"
                              },
                              {
                                "version_value": "7.1.1.12"
                              },
                              {
                                "version_value": "7.1.1.2"
                              },
                              {
                                "version_value": "7.1.1.5"
                              },
                              {
                                "version_value": "7.1.1.6"
                              },
                              {
                                "version_value": "7.1.1.7"
                              },
                              {
                                "version_value": "7.1.1.8"
                              },
                              {
                                "version_value": "7.1.1.9"
                              },
                              {
                                "version_value": "7.5.0.1"
                              },
                              {
                                "version_value": "7.5.0.2"
                              },
                              {
                                "version_value": "7.5.0.3"
                              },
                              {
                                "version_value": "7.5.0.4"
                              },
                              {
                                "version_value": "7.5.0.5"
                              },
                              {
                                "version_value": "7.6"
                              },
                              {
                                "version_value": "7.5.0"
                              },
                              {
                                "version_value": "7.6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "94355",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94355"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21991893",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21991893"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-6072",
        "datePublished": "2017-02-01T20:00:00.000Z",
        "dateReserved": "2016-06-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:22:18.986Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-0195 (GCVE-0-2012-0195)

    Vulnerability from nvd – Published: 2012-03-13 01:00 – Updated: 2024-08-06 18:16
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    URL Tags
    http://www.ibm.com/support/docview.wss?uid=swg21584666 x_refsource_CONFIRM
    http://secunia.com/advisories/48299 third-party-advisoryx_refsource_SECUNIA
    http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
    http://secunia.com/advisories/48305 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/52333 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2012-02-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:16:19.457Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
              },
              {
                "name": "48299",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48299"
              },
              {
                "name": "IV09198",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198"
              },
              {
                "name": "48305",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48305"
              },
              {
                "name": "52333",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52333"
              },
              {
                "name": "mam-sclc-xss(72612)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72612"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-02-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-09T17:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
            },
            {
              "name": "48299",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48299"
            },
            {
              "name": "IV09198",
              "tags": [
                "vendor-advisory",
                "x_refsource_AIXAPAR"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198"
            },
            {
              "name": "48305",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48305"
            },
            {
              "name": "52333",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52333"
            },
            {
              "name": "mam-sclc-xss(72612)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72612"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2012-0195",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
                },
                {
                  "name": "48299",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48299"
                },
                {
                  "name": "IV09198",
                  "refsource": "AIXAPAR",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198"
                },
                {
                  "name": "48305",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48305"
                },
                {
                  "name": "52333",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52333"
                },
                {
                  "name": "mam-sclc-xss(72612)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72612"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2012-0195",
        "datePublished": "2012-03-13T01:00:00.000Z",
        "dateReserved": "2011-12-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:16:19.457Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-4817 (GCVE-0-2011-4817)

    Vulnerability from nvd – Published: 2012-03-13 01:00 – Updated: 2024-08-07 00:16
    VLAI
    Summary
    The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    URL Tags
    http://www.ibm.com/support/docview.wss?uid=swg21584666 x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/48299 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/48305 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/52333 vdb-entryx_refsource_BID
    http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
    Date Public
    2012-02-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:16:34.971Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
              },
              {
                "name": "maximo-helpmenu-info-disclosure(72004)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72004"
              },
              {
                "name": "48299",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48299"
              },
              {
                "name": "48305",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48305"
              },
              {
                "name": "52333",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52333"
              },
              {
                "name": "IV09197",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-02-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-09T17:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
            },
            {
              "name": "maximo-helpmenu-info-disclosure(72004)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72004"
            },
            {
              "name": "48299",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48299"
            },
            {
              "name": "48305",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48305"
            },
            {
              "name": "52333",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52333"
            },
            {
              "name": "IV09197",
              "tags": [
                "vendor-advisory",
                "x_refsource_AIXAPAR"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2011-4817",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
                },
                {
                  "name": "maximo-helpmenu-info-disclosure(72004)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72004"
                },
                {
                  "name": "48299",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48299"
                },
                {
                  "name": "48305",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48305"
                },
                {
                  "name": "52333",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52333"
                },
                {
                  "name": "IV09197",
                  "refsource": "AIXAPAR",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2011-4817",
        "datePublished": "2012-03-13T01:00:00.000Z",
        "dateReserved": "2011-12-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:16:34.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-4816 (GCVE-0-2011-4816)

    Vulnerability from nvd – Published: 2012-03-13 01:00 – Updated: 2024-08-07 00:16
    VLAI
    Summary
    SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.ibm.com/support/docview.wss?uid=swg21584666 x_refsource_CONFIRM
    http://secunia.com/advisories/48299 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/48305 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/52333 vdb-entryx_refsource_BID
    http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
    Date Public
    2012-02-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:16:35.026Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "maximo-kpi-sql-injection(72001)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72001"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
              },
              {
                "name": "48299",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48299"
              },
              {
                "name": "48305",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48305"
              },
              {
                "name": "52333",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52333"
              },
              {
                "name": "IV09194",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-02-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-09T17:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "maximo-kpi-sql-injection(72001)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72001"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
            },
            {
              "name": "48299",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48299"
            },
            {
              "name": "48305",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48305"
            },
            {
              "name": "52333",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52333"
            },
            {
              "name": "IV09194",
              "tags": [
                "vendor-advisory",
                "x_refsource_AIXAPAR"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2011-4816",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "maximo-kpi-sql-injection(72001)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72001"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
                },
                {
                  "name": "48299",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48299"
                },
                {
                  "name": "48305",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48305"
                },
                {
                  "name": "52333",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52333"
                },
                {
                  "name": "IV09194",
                  "refsource": "AIXAPAR",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2011-4816",
        "datePublished": "2012-03-13T01:00:00.000Z",
        "dateReserved": "2011-12-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:16:35.026Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-1397 (GCVE-0-2011-1397)

    Vulnerability from nvd – Published: 2012-03-13 01:00 – Updated: 2024-08-06 22:28
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.ibm.com/support/docview.wss?uid=swg21584666 x_refsource_CONFIRM
    http://secunia.com/advisories/48299 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/48305 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/52333 vdb-entryx_refsource_BID
    http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
    Date Public
    2012-02-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:28:40.297Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "maximo-laborreporting-csrf(72000)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72000"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
              },
              {
                "name": "48299",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48299"
              },
              {
                "name": "48305",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48305"
              },
              {
                "name": "52333",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52333"
              },
              {
                "name": "IV09193",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-02-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-09T17:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "maximo-laborreporting-csrf(72000)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72000"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
            },
            {
              "name": "48299",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48299"
            },
            {
              "name": "48305",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48305"
            },
            {
              "name": "52333",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52333"
            },
            {
              "name": "IV09193",
              "tags": [
                "vendor-advisory",
                "x_refsource_AIXAPAR"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-1397",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "maximo-laborreporting-csrf(72000)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72000"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
                },
                {
                  "name": "48299",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48299"
                },
                {
                  "name": "48305",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48305"
                },
                {
                  "name": "52333",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52333"
                },
                {
                  "name": "IV09193",
                  "refsource": "AIXAPAR",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-1397",
        "datePublished": "2012-03-13T01:00:00.000Z",
        "dateReserved": "2011-03-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:28:40.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-1394 (GCVE-0-2011-1394)

    Vulnerability from nvd – Published: 2012-03-13 01:00 – Updated: 2024-08-06 22:28
    VLAI
    Summary
    IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ibm.com/support/docview.wss?uid=swg21584666 x_refsource_CONFIRM
    http://secunia.com/advisories/48299 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/48305 third-party-advisoryx_refsource_SECUNIA
    http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
    http://www.securityfocus.com/bid/52333 vdb-entryx_refsource_BID
    Date Public
    2012-02-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:28:40.315Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
              },
              {
                "name": "48299",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48299"
              },
              {
                "name": "maximo-uisession-dos(71985)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71985"
              },
              {
                "name": "48305",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48305"
              },
              {
                "name": "IV09157",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157"
              },
              {
                "name": "52333",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52333"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-02-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-09T17:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
            },
            {
              "name": "48299",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48299"
            },
            {
              "name": "maximo-uisession-dos(71985)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71985"
            },
            {
              "name": "48305",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48305"
            },
            {
              "name": "IV09157",
              "tags": [
                "vendor-advisory",
                "x_refsource_AIXAPAR"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157"
            },
            {
              "name": "52333",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52333"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-1394",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
                },
                {
                  "name": "48299",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48299"
                },
                {
                  "name": "maximo-uisession-dos(71985)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71985"
                },
                {
                  "name": "48305",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48305"
                },
                {
                  "name": "IV09157",
                  "refsource": "AIXAPAR",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157"
                },
                {
                  "name": "52333",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52333"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-1394",
        "datePublished": "2012-03-13T01:00:00.000Z",
        "dateReserved": "2011-03-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:28:40.315Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-0715 (GCVE-0-2012-0715)

    Vulnerability from nvd – Published: 2012-03-02 19:00 – Updated: 2024-08-06 18:30
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in IBM Tivoli Change and Configuration Management Database (CCMDB) 7.2.1 and IBM ILOG JViews Gantt allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    Date Public
    2012-02-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:30:54.072Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ijg-gav-xss(73587)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73587"
              },
              {
                "name": "IV16174",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16174"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IV16174"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-02-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in IBM Tivoli Change and Configuration Management Database (CCMDB) 7.2.1 and IBM ILOG JViews Gantt allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "ijg-gav-xss(73587)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73587"
            },
            {
              "name": "IV16174",
              "tags": [
                "vendor-advisory",
                "x_refsource_AIXAPAR"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16174"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IV16174"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2012-0715",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in IBM Tivoli Change and Configuration Management Database (CCMDB) 7.2.1 and IBM ILOG JViews Gantt allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ijg-gav-xss(73587)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73587"
                },
                {
                  "name": "IV16174",
                  "refsource": "AIXAPAR",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16174"
                },
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IV16174",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IV16174"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2012-0715",
        "datePublished": "2012-03-02T19:00:00.000Z",
        "dateReserved": "2012-01-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:30:54.072Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-6072 (GCVE-0-2016-6072)

    Vulnerability from cvelistv5 – Published: 2017-02-01 20:00 – Updated: 2024-08-06 01:22
    VLAI
    Summary
    IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Corporation Maximo Asset Management Affected: 6.2
    Affected: 7.1
    Affected: 7.5
    Affected: 7.5.0.0
    Affected: 7.5.0.10
    Affected: 7.1.0.0
    Affected: 6.2.0.0
    Affected: 7.2
    Affected: 7.1.1
    Affected: 7.1.2
    Affected: 7.2.1
    Affected: 6.2.1
    Affected: 6.2.2
    Affected: 6.2.3
    Affected: 6.2.4
    Affected: 6.2.5
    Affected: 6.2.6
    Affected: 6.2.7
    Affected: 6.2.8
    Affected: 7.1.1.1
    Affected: 7.1.1.10
    Affected: 7.1.1.11
    Affected: 7.1.1.12
    Affected: 7.1.1.2
    Affected: 7.1.1.5
    Affected: 7.1.1.6
    Affected: 7.1.1.7
    Affected: 7.1.1.8
    Affected: 7.1.1.9
    Affected: 7.5.0.1
    Affected: 7.5.0.2
    Affected: 7.5.0.3
    Affected: 7.5.0.4
    Affected: 7.5.0.5
    Affected: 7.6
    Affected: 7.5.0
    Affected: 7.6.0
    Create a notification for this product.
    Date Public
    2017-02-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:22:18.986Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "94355",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94355"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21991893"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Maximo Asset Management",
              "vendor": "IBM Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2"
                },
                {
                  "status": "affected",
                  "version": "7.1"
                },
                {
                  "status": "affected",
                  "version": "7.5"
                },
                {
                  "status": "affected",
                  "version": "7.5.0.0"
                },
                {
                  "status": "affected",
                  "version": "7.5.0.10"
                },
                {
                  "status": "affected",
                  "version": "7.1.0.0"
                },
                {
                  "status": "affected",
                  "version": "6.2.0.0"
                },
                {
                  "status": "affected",
                  "version": "7.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.2"
                },
                {
                  "status": "affected",
                  "version": "7.2.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.1"
                },
                {
                  "status": "affected",
                  "version": "6.2.2"
                },
                {
                  "status": "affected",
                  "version": "6.2.3"
                },
                {
                  "status": "affected",
                  "version": "6.2.4"
                },
                {
                  "status": "affected",
                  "version": "6.2.5"
                },
                {
                  "status": "affected",
                  "version": "6.2.6"
                },
                {
                  "status": "affected",
                  "version": "6.2.7"
                },
                {
                  "status": "affected",
                  "version": "6.2.8"
                },
                {
                  "status": "affected",
                  "version": "7.1.1.1"
                },
                {
                  "status": "affected",
                  "version": "7.1.1.10"
                },
                {
                  "status": "affected",
                  "version": "7.1.1.11"
                },
                {
                  "status": "affected",
                  "version": "7.1.1.12"
                },
                {
                  "status": "affected",
                  "version": "7.1.1.2"
                },
                {
                  "status": "affected",
                  "version": "7.1.1.5"
                },
                {
                  "status": "affected",
                  "version": "7.1.1.6"
                },
                {
                  "status": "affected",
                  "version": "7.1.1.7"
                },
                {
                  "status": "affected",
                  "version": "7.1.1.8"
                },
                {
                  "status": "affected",
                  "version": "7.1.1.9"
                },
                {
                  "status": "affected",
                  "version": "7.5.0.1"
                },
                {
                  "status": "affected",
                  "version": "7.5.0.2"
                },
                {
                  "status": "affected",
                  "version": "7.5.0.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.0.4"
                },
                {
                  "status": "affected",
                  "version": "7.5.0.5"
                },
                {
                  "status": "affected",
                  "version": "7.6"
                },
                {
                  "status": "affected",
                  "version": "7.5.0"
                },
                {
                  "status": "affected",
                  "version": "7.6.0"
                }
              ]
            }
          ],
          "datePublic": "2017-02-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-02-02T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "94355",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94355"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21991893"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2016-6072",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Maximo Asset Management",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.2"
                              },
                              {
                                "version_value": "7.1"
                              },
                              {
                                "version_value": "7.5"
                              },
                              {
                                "version_value": "7.5.0.0"
                              },
                              {
                                "version_value": "7.5.0.10"
                              },
                              {
                                "version_value": "7.1.0.0"
                              },
                              {
                                "version_value": "6.2.0.0"
                              },
                              {
                                "version_value": "7.2"
                              },
                              {
                                "version_value": "7.1.1"
                              },
                              {
                                "version_value": "7.1.2"
                              },
                              {
                                "version_value": "7.2.1"
                              },
                              {
                                "version_value": "6.2.1"
                              },
                              {
                                "version_value": "6.2.2"
                              },
                              {
                                "version_value": "6.2.3"
                              },
                              {
                                "version_value": "6.2.4"
                              },
                              {
                                "version_value": "6.2.5"
                              },
                              {
                                "version_value": "6.2.6"
                              },
                              {
                                "version_value": "6.2.7"
                              },
                              {
                                "version_value": "6.2.8"
                              },
                              {
                                "version_value": "7.1.1.1"
                              },
                              {
                                "version_value": "7.1.1.10"
                              },
                              {
                                "version_value": "7.1.1.11"
                              },
                              {
                                "version_value": "7.1.1.12"
                              },
                              {
                                "version_value": "7.1.1.2"
                              },
                              {
                                "version_value": "7.1.1.5"
                              },
                              {
                                "version_value": "7.1.1.6"
                              },
                              {
                                "version_value": "7.1.1.7"
                              },
                              {
                                "version_value": "7.1.1.8"
                              },
                              {
                                "version_value": "7.1.1.9"
                              },
                              {
                                "version_value": "7.5.0.1"
                              },
                              {
                                "version_value": "7.5.0.2"
                              },
                              {
                                "version_value": "7.5.0.3"
                              },
                              {
                                "version_value": "7.5.0.4"
                              },
                              {
                                "version_value": "7.5.0.5"
                              },
                              {
                                "version_value": "7.6"
                              },
                              {
                                "version_value": "7.5.0"
                              },
                              {
                                "version_value": "7.6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "94355",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94355"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21991893",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21991893"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2016-6072",
        "datePublished": "2017-02-01T20:00:00.000Z",
        "dateReserved": "2016-06-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:22:18.986Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-0195 (GCVE-0-2012-0195)

    Vulnerability from cvelistv5 – Published: 2012-03-13 01:00 – Updated: 2024-08-06 18:16
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    URL Tags
    http://www.ibm.com/support/docview.wss?uid=swg21584666 x_refsource_CONFIRM
    http://secunia.com/advisories/48299 third-party-advisoryx_refsource_SECUNIA
    http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
    http://secunia.com/advisories/48305 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/52333 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2012-02-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:16:19.457Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
              },
              {
                "name": "48299",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48299"
              },
              {
                "name": "IV09198",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198"
              },
              {
                "name": "48305",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48305"
              },
              {
                "name": "52333",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52333"
              },
              {
                "name": "mam-sclc-xss(72612)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72612"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-02-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-09T17:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
            },
            {
              "name": "48299",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48299"
            },
            {
              "name": "IV09198",
              "tags": [
                "vendor-advisory",
                "x_refsource_AIXAPAR"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198"
            },
            {
              "name": "48305",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48305"
            },
            {
              "name": "52333",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52333"
            },
            {
              "name": "mam-sclc-xss(72612)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72612"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2012-0195",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
                },
                {
                  "name": "48299",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48299"
                },
                {
                  "name": "IV09198",
                  "refsource": "AIXAPAR",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198"
                },
                {
                  "name": "48305",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48305"
                },
                {
                  "name": "52333",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52333"
                },
                {
                  "name": "mam-sclc-xss(72612)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72612"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2012-0195",
        "datePublished": "2012-03-13T01:00:00.000Z",
        "dateReserved": "2011-12-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:16:19.457Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-1397 (GCVE-0-2011-1397)

    Vulnerability from cvelistv5 – Published: 2012-03-13 01:00 – Updated: 2024-08-06 22:28
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.ibm.com/support/docview.wss?uid=swg21584666 x_refsource_CONFIRM
    http://secunia.com/advisories/48299 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/48305 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/52333 vdb-entryx_refsource_BID
    http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
    Date Public
    2012-02-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:28:40.297Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "maximo-laborreporting-csrf(72000)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72000"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
              },
              {
                "name": "48299",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48299"
              },
              {
                "name": "48305",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48305"
              },
              {
                "name": "52333",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52333"
              },
              {
                "name": "IV09193",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-02-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-09T17:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "maximo-laborreporting-csrf(72000)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72000"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
            },
            {
              "name": "48299",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48299"
            },
            {
              "name": "48305",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48305"
            },
            {
              "name": "52333",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52333"
            },
            {
              "name": "IV09193",
              "tags": [
                "vendor-advisory",
                "x_refsource_AIXAPAR"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-1397",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "maximo-laborreporting-csrf(72000)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72000"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
                },
                {
                  "name": "48299",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48299"
                },
                {
                  "name": "48305",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48305"
                },
                {
                  "name": "52333",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52333"
                },
                {
                  "name": "IV09193",
                  "refsource": "AIXAPAR",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-1397",
        "datePublished": "2012-03-13T01:00:00.000Z",
        "dateReserved": "2011-03-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:28:40.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-4816 (GCVE-0-2011-4816)

    Vulnerability from cvelistv5 – Published: 2012-03-13 01:00 – Updated: 2024-08-07 00:16
    VLAI
    Summary
    SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.ibm.com/support/docview.wss?uid=swg21584666 x_refsource_CONFIRM
    http://secunia.com/advisories/48299 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/48305 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/52333 vdb-entryx_refsource_BID
    http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
    Date Public
    2012-02-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:16:35.026Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "maximo-kpi-sql-injection(72001)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72001"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
              },
              {
                "name": "48299",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48299"
              },
              {
                "name": "48305",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48305"
              },
              {
                "name": "52333",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52333"
              },
              {
                "name": "IV09194",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-02-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-09T17:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "maximo-kpi-sql-injection(72001)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72001"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
            },
            {
              "name": "48299",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48299"
            },
            {
              "name": "48305",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48305"
            },
            {
              "name": "52333",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52333"
            },
            {
              "name": "IV09194",
              "tags": [
                "vendor-advisory",
                "x_refsource_AIXAPAR"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2011-4816",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "maximo-kpi-sql-injection(72001)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72001"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
                },
                {
                  "name": "48299",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48299"
                },
                {
                  "name": "48305",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48305"
                },
                {
                  "name": "52333",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52333"
                },
                {
                  "name": "IV09194",
                  "refsource": "AIXAPAR",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09194"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2011-4816",
        "datePublished": "2012-03-13T01:00:00.000Z",
        "dateReserved": "2011-12-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:16:35.026Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-1394 (GCVE-0-2011-1394)

    Vulnerability from cvelistv5 – Published: 2012-03-13 01:00 – Updated: 2024-08-06 22:28
    VLAI
    Summary
    IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ibm.com/support/docview.wss?uid=swg21584666 x_refsource_CONFIRM
    http://secunia.com/advisories/48299 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/48305 third-party-advisoryx_refsource_SECUNIA
    http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
    http://www.securityfocus.com/bid/52333 vdb-entryx_refsource_BID
    Date Public
    2012-02-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:28:40.315Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
              },
              {
                "name": "48299",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48299"
              },
              {
                "name": "maximo-uisession-dos(71985)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71985"
              },
              {
                "name": "48305",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48305"
              },
              {
                "name": "IV09157",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157"
              },
              {
                "name": "52333",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52333"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-02-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-09T17:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
            },
            {
              "name": "48299",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48299"
            },
            {
              "name": "maximo-uisession-dos(71985)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71985"
            },
            {
              "name": "48305",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48305"
            },
            {
              "name": "IV09157",
              "tags": [
                "vendor-advisory",
                "x_refsource_AIXAPAR"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157"
            },
            {
              "name": "52333",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52333"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-1394",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
                },
                {
                  "name": "48299",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48299"
                },
                {
                  "name": "maximo-uisession-dos(71985)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71985"
                },
                {
                  "name": "48305",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48305"
                },
                {
                  "name": "IV09157",
                  "refsource": "AIXAPAR",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09157"
                },
                {
                  "name": "52333",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52333"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-1394",
        "datePublished": "2012-03-13T01:00:00.000Z",
        "dateReserved": "2011-03-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:28:40.315Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-4817 (GCVE-0-2011-4817)

    Vulnerability from cvelistv5 – Published: 2012-03-13 01:00 – Updated: 2024-08-07 00:16
    VLAI
    Summary
    The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    URL Tags
    http://www.ibm.com/support/docview.wss?uid=swg21584666 x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/48299 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/48305 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/52333 vdb-entryx_refsource_BID
    http://www-01.ibm.com/support/docview.wss?uid=swg… vendor-advisoryx_refsource_AIXAPAR
    Date Public
    2012-02-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:16:34.971Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
              },
              {
                "name": "maximo-helpmenu-info-disclosure(72004)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72004"
              },
              {
                "name": "48299",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48299"
              },
              {
                "name": "48305",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/48305"
              },
              {
                "name": "52333",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52333"
              },
              {
                "name": "IV09197",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-02-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-09T17:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
            },
            {
              "name": "maximo-helpmenu-info-disclosure(72004)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72004"
            },
            {
              "name": "48299",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48299"
            },
            {
              "name": "48305",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/48305"
            },
            {
              "name": "52333",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52333"
            },
            {
              "name": "IV09197",
              "tags": [
                "vendor-advisory",
                "x_refsource_AIXAPAR"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2011-4817",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg21584666",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg21584666"
                },
                {
                  "name": "maximo-helpmenu-info-disclosure(72004)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72004"
                },
                {
                  "name": "48299",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48299"
                },
                {
                  "name": "48305",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/48305"
                },
                {
                  "name": "52333",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52333"
                },
                {
                  "name": "IV09197",
                  "refsource": "AIXAPAR",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2011-4817",
        "datePublished": "2012-03-13T01:00:00.000Z",
        "dateReserved": "2011-12-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:16:34.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-0715 (GCVE-0-2012-0715)

    Vulnerability from cvelistv5 – Published: 2012-03-02 19:00 – Updated: 2024-08-06 18:30
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in IBM Tivoli Change and Configuration Management Database (CCMDB) 7.2.1 and IBM ILOG JViews Gantt allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    Date Public
    2012-02-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:30:54.072Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ijg-gav-xss(73587)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73587"
              },
              {
                "name": "IV16174",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16174"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IV16174"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-02-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in IBM Tivoli Change and Configuration Management Database (CCMDB) 7.2.1 and IBM ILOG JViews Gantt allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "ijg-gav-xss(73587)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73587"
            },
            {
              "name": "IV16174",
              "tags": [
                "vendor-advisory",
                "x_refsource_AIXAPAR"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16174"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IV16174"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2012-0715",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in IBM Tivoli Change and Configuration Management Database (CCMDB) 7.2.1 and IBM ILOG JViews Gantt allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ijg-gav-xss(73587)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73587"
                },
                {
                  "name": "IV16174",
                  "refsource": "AIXAPAR",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16174"
                },
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IV16174",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?crawler=1\u0026uid=swg1IV16174"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2012-0715",
        "datePublished": "2012-03-02T19:00:00.000Z",
        "dateReserved": "2012-01-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:30:54.072Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }