CVE-2011-4819
https://notcve.org/view.php?id=CVE-2011-4819
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5. Permiten a usuarios remotos inyectar codigo de script web o código HTML de su elección a través del parámetro uisesionid de (1) maximo.jsp o (2) la URI por defecto bajo ui/. • http://secunia.com/advisories/48299 http://www-01.ibm.com/support/docview.wss?uid=swg1IV09202 http://www.ibm.com/support/docview.wss?uid=swg21584666 http://www.securityfocus.com/bid/52333 https://exchange.xforce.ibmcloud.com/vulnerabilities/72008 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-1395
https://notcve.org/view.php?id=CVE-2011-1395
Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en imicon.jsp de IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5. Permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través del parámetro controlid. • http://secunia.com/advisories/48299 http://www-01.ibm.com/support/docview.wss?uid=swg1IV09189 http://www.ibm.com/support/docview.wss?uid=swg21584666 http://www.securityfocus.com/bid/52333 https://exchange.xforce.ibmcloud.com/vulnerabilities/71996 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-4818
https://notcve.org/view.php?id=CVE-2011-4818
Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component. Vulnerabilidad de redirección involuntaria en IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5 permite a usuarios autenticados remotos redirigir a usuarios a webs arbitrarias y realizar ataques de phishing a través del parámetro uisessionid de un componente sin especificar. • http://secunia.com/advisories/48299 http://www-01.ibm.com/support/docview.wss?uid=swg1IV09200 http://www.ibm.com/support/docview.wss?uid=swg21584666 http://www.securityfocus.com/bid/52333 https://exchange.xforce.ibmcloud.com/vulnerabilities/72006 • CWE-20: Improper Input Validation •
CVE-2012-0195
https://notcve.org/view.php?id=CVE-2012-0195
Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) el componente "Start Center Layout and Configuration" de IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, t 7.5; IBM Tivoli Asset Management para IT 6.2, 7.1, y 7.2; IBM Tivoli Service Request Manager 7.1 y 7.2; IBM Maximo Service Desk 6.2; y IBM Tivoli Change y Configuration Management Database (CCMDB) 6.2, 7.1, y 7.2. Permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través del "display name". • http://secunia.com/advisories/48299 http://secunia.com/advisories/48305 http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198 http://www.ibm.com/support/docview.wss?uid=swg21584666 http://www.securityfocus.com/bid/52333 https://exchange.xforce.ibmcloud.com/vulnerabilities/72612 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-1397
https://notcve.org/view.php?id=CVE-2011-1397
Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to hijack the authentication of arbitrary users. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en la página "Labor Reporting" de IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, y 7.2; IBM Tivoli Service Request Manager 7.1 y 7.2; IBM Maximo Service Desk 6.2; y IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, y 7.2 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://secunia.com/advisories/48299 http://secunia.com/advisories/48305 http://www-01.ibm.com/support/docview.wss?uid=swg1IV09193 http://www.ibm.com/support/docview.wss?uid=swg21584666 http://www.securityfocus.com/bid/52333 https://exchange.xforce.ibmcloud.com/vulnerabilities/72000 • CWE-352: Cross-Site Request Forgery (CSRF) •