CVE-2013-0457
https://notcve.org/view.php?id=CVE-2013-0457
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management v7.5, Maximo Asset Management Essentials v7.5, y SmartCloud Control Desk v7.5 que permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores relacionados con un identificador de sesión de la interfaz de usuario (uisessionid). • http://www-01.ibm.com/support/docview.wss?uid=swg1IV20590 http://www-01.ibm.com/support/docview.wss?uid=swg21625624 https://exchange.xforce.ibmcloud.com/vulnerabilities/81011 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-3321
https://notcve.org/view.php?id=CVE-2012-3321
IBM SmartCloud Control Desk 7.5 allows remote authenticated users to bypass intended access restrictions via vectors involving an expired password. IBM SmartCloud Control Desk v7.5, permite a usuarios autenticados remotamente evitar las restricciones de acceso implementadas a través de vectores que involucran a la caducidad de la contraseña. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV25198 http://www-01.ibm.com/support/docview.wss?uid=swg21625624 https://exchange.xforce.ibmcloud.com/vulnerabilities/77916 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-3322
https://notcve.org/view.php?id=CVE-2012-3322
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name. Vulnerabilidad XSS en IBM Maximo Asset Management v6.2 a la v7.5, Maximo Asset Management Essentials v6.2 a la v7.5, Tivoli Asset Management para IT v6.2 a la v7.2, Tivoli Service Request Manager v7.1 y v7.2, Maximo Service Desk v6.2, Change y Configuration Management Database (CCMDB) v7.1 y v7.2, y SmartCloud Control Desk v7.5, permite a usuarios autenticados remotamente, inyectar secuencias de comandos web o HTML de su elección a través de vectores relacionados con el "display name". • http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838 http://www-01.ibm.com/support/docview.wss?uid=swg21625624 https://exchange.xforce.ibmcloud.com/vulnerabilities/77918 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-3316
https://notcve.org/view.php?id=CVE-2012-3316
Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en Tivoli Process Automation Engine (TPAE) en IBM Maximo Asset Management v6.2 a la v7.5, Maximo Asset Management Essentials v6.2 a la v7.5, Tivoli Asset Management para IT v6.2 a la v7.2, Tivoli Service Request Manager v7.1 a la v7.2, Maximo Service Desk v6.2, Change y Configuration Management Database (CCMDB) v7.1 y v7.2, y SmartCloud Control Desk v7.5, permite a usuarios autenticados remotamente inyectar secuencias de comandos web y HTML de su elección a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609 http://www-01.ibm.com/support/docview.wss?uid=swg21625624 https://exchange.xforce.ibmcloud.com/vulnerabilities/77813 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-6355
https://notcve.org/view.php?id=CVE-2012-6355
IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order. IBM Maximo Asset Management 6.2 a 7.5, Maximo Asset Management Essentials 6.2 a 7.5, Tivoli Asset Management for IT 6.2 a 7.2, Tivoli Service Request 7,1 y 7,2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, y SmartCloud Control Desk 7.5, permiten a usuarios remotos autenticados obtener privilegios a través de vectores relacionados con una orden de trabajo. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384 http://www-01.ibm.com/support/docview.wss?uid=swg21625624 https://exchange.xforce.ibmcloud.com/vulnerabilities/80747 • CWE-264: Permissions, Privileges, and Access Controls •