IBM Maximo Asset Management CVE-2018-1715 Cross Site Scripting Vulnerability

Bugtraq ID:	105131
Class:	Input Validation Error
CVE:	CVE-2018-1715
Remote:	Yes
Local:	No
Published:	Jul 31 2018 12:00AM
Updated:	Jul 31 2018 12:00AM
Credit:	IBM
Vulnerable:	IBM Tivoli Integration Composer 0 IBM SmartCloud Control Desk 0 IBM Maximo for Utilities 0 IBM Maximo for Transportation 0 IBM Maximo for Oil and Gas 0 IBM Maximo for Nuclear Power 0 IBM Maximo for Life Sciences 0 IBM Maximo for Government 0 IBM Maximo for Aviation 0 IBM Maximo Asset Management 7.6 IBM Control Desk 0
Not Vulnerable:	IBM Maximo Asset Management 7.6.1.0

IBM Maximo Asset Management CVE-2018-1715 Cross Site Scripting Vulnerability

IBM Maximo Asset Management is prone to cross-site scripting vulnerability because it fails to sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

IBM Maximo Asset Management CVE-2018-1715 Cross Site Scripting Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

IBM Maximo Asset Management CVE-2018-1715 Cross Site Scripting Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

IBM Maximo Asset Management CVE-2018-1715 Cross Site Scripting Vulnerability

References:

• IBM Homepage (IBM)
  
• swg22017453: Security Bulletin: IBM Maximo Asset Management is affected by a cro (IBM)