Description
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195522.
CVSS breakdown
CVSS 3.0
User Interaction
None
Scope
Unchanged
Attack Vector
Network
Integrity
Low
Privileges Required
None
Confidentiality
Low
Availability
None
Attack Complexity
Low
RC
Changed
E
High
RL
O
Affected products
- ibm / maximo_asset_management7.6.0 – 7.6.0
- ibm / maximo_asset_management7.6.1 – 7.6.1