Medium Severity

Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to cross-site scripting (CVE-2022-35714)

Share this post:

IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to cross-site scripting.

CVE(s): CVE-2022-35714

Affected product(s) and affected version(s):

This vulnerability affects the following versions of the IBM Maximo Asset Management core product and IBM Maximo Manage Application in IBM Maximo Application Suite.  Older versions of Maximo Asset Management may be impacted. The recommended action is to update to the latest version.

Product versions affected:

Affected Product(s) Version(s)
IBM Maximo Asset Management 7.6.1.2
IBM Maximo Asset Management 7.6.1.1
Manage Component 8.3

* To determine the core product version, log in and view System Information. The core product version is the "Tivoli's process automation engine" version. Please consult the Platform Matrix for a list of supported product combinations.

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6615273
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/231116

More stories

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Tomcat

November 30, 2022 | Medium Severity

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Tomcat. ...read more


Security Bulletin: IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps is vulnerable to information disclosure and weaker security (CVE-2022-43901, CVE-2022-43900)

November 30, 2022 | Medium Severity

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps could disclose sensitive information and contain weaker than expected security. This has been addressed. ...read more


Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Python

November 30, 2022 | Medium Severity

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Python. ...read more