Medium Severity

IBM Security Bulletin: IBM Maximo Asset Management is affected by a cross-site scripting vulnerability. (CVE-2018-1554)

Share this post:

IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE(s): CVE-2018-1554

Affected product(s) and affected version(s):

This vulnerability affects the following versions of the IBM Maximo Asset Management core product, and all other IBM Maximo Industry Solution and IBM Control Desk products, regardless of their own version, if they are currently installed on top of an affected IBM Maximo Asset Management. *

Maximo Asset Management core product affected versions:

Maximo Asset Management 7.6

Industry Solutions products affected if using an affected core version:

Maximo for Aviation

Maximo for Government

Maximo for Life Sciences

Maximo for Nuclear Power

Maximo for Oil and Gas

Maximo for Transportation

Maximo for Utilities

IBM Control Desk products affected if using an affected core version:

SmartCloud Control Desk

IBM Control Desk

Tivoli Integration Composer

* To determine the core product version, log in and view System Information. The core product version is the “Tivoli’s process automation engine” version. Please consult the Product Coexistence Matrix for a list of supported product combinations.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10713695
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/142891

More stories

IBM Security Bulletin: IBM Cloud Private Platform-UI is vulnerable to a cross-site request forgery attack (CVE-2019-4142)

Jun 15, 2019 9:00 am EDT | Medium Severity

IBM Cloud Private Platform-UI is vulnerable to a cross-site request forgery attack CVE(s): CVE-2019-4142 Affected product(s) and affected version(s):IBM Cloud Private 2.1.x, 3.1.0, 3.1.1, 3.1.2 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10885434X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158338 ...read more


IBM Security Bulletin: IBM Notes 9 and Domino 9 are affected by Open Source James Clark Expat Vulnerabilities (CVE-2013-0340, CVE-2013-0341)

Jun 14, 2019 9:00 am EDT | Medium Severity

IBM Notes 9 and Domino 9 consume Open Source James Clark Expat for which the vulnerabilities are reported. Expat is vulnerable to a denial of service, caused by the improper handling of internal entity expansion. IBM has addressed these vulnerabilities by updating fixes provided by HP to the existing Keyview library. CVE(s): CVE-2013-0340, CVE-2013-0341 Affected ...read more


IBM Security Bulletin: IBM Connections Security Refresh (CVE-2019-4403)

Jun 13, 2019 9:01 am EDT | Medium Severity

IBM Connections contains a possible cross-site scripting vulnerability, see details below for remediation information. CVE(s): CVE-2019-4403 Affected product(s) and affected version(s):The following versions of IBM Connections are impacted: IBM Connections 6.0 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10886079X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/162264 ...read more