Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Tivoli_change_and_configuration_management_database
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 7 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-02-01 | CVE-2016-6072 | IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Maximo_asset_management, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk, Tivoli_asset_management_for_it, Tivoli_change_and_configuration_management_database, Tivoli_integration_composer, Tivoli_service_request_manager | 5.4 | ||
| 2012-03-02 | CVE-2012-0715 | Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in IBM Tivoli Change and Configuration Management Database (CCMDB) 7.2.1 and IBM ILOG JViews Gantt allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Ilog_jviews_gantt, Tivoli_change_and_configuration_management_database | N/A | ||
| 2012-03-13 | CVE-2012-0195 | Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name. | Maximo_asset_management, Maximo_asset_management_essentials, Maximo_service_desk, Tivoli_asset_management_for_it, Tivoli_change_and_configuration_management_database, Trivoli_service_request_manager | N/A | ||
| 2012-03-13 | CVE-2011-4817 | The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account. | Maximo_asset_management, Maximo_asset_management_essentials, Maximo_service_desk, Tivoli_asset_management_for_it, Tivoli_change_and_configuration_management_database, Trivoli_service_request_manager | N/A | ||
| 2012-03-13 | CVE-2011-4816 | SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | Maximo_asset_management, Maximo_asset_management_essentials, Maximo_service_desk, Tivoli_asset_management_for_it, Tivoli_change_and_configuration_management_database, Trivoli_service_request_manager | N/A | ||
| 2012-03-13 | CVE-2011-1397 | Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users. | Maximo_asset_management, Maximo_asset_management_essentials, Maximo_service_desk, Tivoli_asset_management_for_it, Tivoli_change_and_configuration_management_database, Trivoli_service_request_manager | N/A | ||
| 2012-03-13 | CVE-2011-1394 | IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session. | Maximo_asset_management, Maximo_asset_management_essentials, Maximo_service_desk, Tivoli_asset_management_for_it, Tivoli_change_and_configuration_management_database, Trivoli_service_request_manager | N/A |