CVE-2016-5902 — MEDIUM (6.1)

Vulnerability Description

IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVSS Score

6.1

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Ibm	Maximo Asset Management	7.1
Ibm	Maximo For Aviation	7.1
Ibm	Maximo For Energy Optimization	7.1
Ibm	Maximo For Government	7.1
Ibm	Maximo For Life Sciences	7.1
Ibm	Maximo For Nuclear Power	7.1
Ibm	Maximo For Oil And Gas	7.1
Ibm	Maximo For Transportation	7.1
Ibm	Maximo For Utilities	7.1

Related Weaknesses (CWE)

CWE-79

References

http://www.ibm.com/support/docview.wss?uid=swg21988252PatchVendor Advisory
http://www.securityfocus.com/bid/92535Third Party AdvisoryVDB Entry
http://www.ibm.com/support/docview.wss?uid=swg21988252PatchVendor Advisory
http://www.securityfocus.com/bid/92535Third Party AdvisoryVDB Entry

FAQ

What is CVE-2016-5902?

CVE-2016-5902 is a vulnerability with a CVSS score of 6.1 (MEDIUM). IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...

How severe is CVE-2016-5902?

CVE-2016-5902 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-5902?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Maximo Asset Management, Ibm Maximo For Aviation, Ibm Maximo For Energy Optimization, Ibm Maximo For Government, Ibm Maximo For Life Sciences.