CVE-2011-4817
https://notcve.org/view.php?id=CVE-2011-4817
The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 shows the username, which might allow remote authenticated users to have an unspecified impact via a targeted attack against the corresponding user account. La opción "About" del menú de ayuda de IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1 y 7.5; IBM Tivoli Asset Management para IT 6.2, 7.1, y 7.2; IBM Tivoli Service Request Manager 7.1 y 7.2; IBM Maximo Service Desk 6.2; y IBM Tivoli Change y Configuration Management Database (CCMDB) 6.2, 7.1, y 7.2 muestra el nombre de usuario, lo que permite a atacantes remotos autenticados tener un impacto sin especificar a través de un ataque dirigido a la cuenta de usuario correspondiente. • http://secunia.com/advisories/48299 http://secunia.com/advisories/48305 http://www-01.ibm.com/support/docview.wss?uid=swg1IV09197 http://www.ibm.com/support/docview.wss?uid=swg21584666 http://www.securityfocus.com/bid/52333 https://exchange.xforce.ibmcloud.com/vulnerabilities/72004 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2011-4819
https://notcve.org/view.php?id=CVE-2011-4819
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5. Permiten a usuarios remotos inyectar codigo de script web o código HTML de su elección a través del parámetro uisesionid de (1) maximo.jsp o (2) la URI por defecto bajo ui/. • http://secunia.com/advisories/48299 http://www-01.ibm.com/support/docview.wss?uid=swg1IV09202 http://www.ibm.com/support/docview.wss?uid=swg21584666 http://www.securityfocus.com/bid/52333 https://exchange.xforce.ibmcloud.com/vulnerabilities/72008 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-1395
https://notcve.org/view.php?id=CVE-2011-1395
Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en imicon.jsp de IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5. Permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través del parámetro controlid. • http://secunia.com/advisories/48299 http://www-01.ibm.com/support/docview.wss?uid=swg1IV09189 http://www.ibm.com/support/docview.wss?uid=swg21584666 http://www.securityfocus.com/bid/52333 https://exchange.xforce.ibmcloud.com/vulnerabilities/71996 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-4818
https://notcve.org/view.php?id=CVE-2011-4818
Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component. Vulnerabilidad de redirección involuntaria en IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, y 7.5 permite a usuarios autenticados remotos redirigir a usuarios a webs arbitrarias y realizar ataques de phishing a través del parámetro uisessionid de un componente sin especificar. • http://secunia.com/advisories/48299 http://www-01.ibm.com/support/docview.wss?uid=swg1IV09200 http://www.ibm.com/support/docview.wss?uid=swg21584666 http://www.securityfocus.com/bid/52333 https://exchange.xforce.ibmcloud.com/vulnerabilities/72006 • CWE-20: Improper Input Validation •
CVE-2012-0195
https://notcve.org/view.php?id=CVE-2012-0195
Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) el componente "Start Center Layout and Configuration" de IBM Maximo Asset Management y Asset Management Essentials 6.2, 7.1, t 7.5; IBM Tivoli Asset Management para IT 6.2, 7.1, y 7.2; IBM Tivoli Service Request Manager 7.1 y 7.2; IBM Maximo Service Desk 6.2; y IBM Tivoli Change y Configuration Management Database (CCMDB) 6.2, 7.1, y 7.2. Permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través del "display name". • http://secunia.com/advisories/48299 http://secunia.com/advisories/48305 http://www-01.ibm.com/support/docview.wss?uid=swg1IV09198 http://www.ibm.com/support/docview.wss?uid=swg21584666 http://www.securityfocus.com/bid/52333 https://exchange.xforce.ibmcloud.com/vulnerabilities/72612 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •