Medium Severity

Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2021-29744)

IBM Maximo Asset Management is vulnerable to cross-site scripting.

CVE(s): CVE-2021-29744

Affected product(s) and affected version(s):

This vulnerability affects the following versions of the IBM Maximo Asset Management core product. Older versions of Maximo Asset Management may be impacted. The recommended action is to update to the latest version.

Maximo Asset Management core product versions affected:

Affected Product(s) | Version(s)
IBM Maximo Asset Management | 7.6.0.x
IBM Maximo Asset Management | 7.6.1.x
IBM Maximo Application Suite | MAS 8.4-Manage 8.0

* To determine the core product version, log in and view System Information. The core product version is the "Tivoli's process automation engine" version. Please consult the Product Coexistence Matrix for a list of supported product combinations.

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6484391
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/201694
