IBM Maximo Asset Management CVE-2017-1208 XSS Vulnerability Advisory and Fix

Based on the provided web page screenshot content, the following key vulnerability information can be extracted: Vulnerability Details - CVE ID: CVE-2017-1208 - Description: A vulnerability in IBM Maximo Asset Management allows for Cross-Site Scripting (XSS) attacks. This vulnerability enables users to embed arbitrary JavaScript code within the Web UI, potentially altering intended functionality and leading to credential disclosure within trusted sessions. - CVSS Base Score: 5.4 - CVSS Temporal Score: See - CVSS Environmental Score: Not defined - CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) Affected Products and Versions - Core Maximo Asset Management products affected: - Maximo Asset Management 7.6, 7.5, 7.1 - Maximo Asset Management Essentials 7.5, 7.1 - Industry Solutions products affected when using impacted core versions: - Maximo for Aviation - Maximo for Government - Maximo for Life Sciences - Maximo for Nuclear Power - Maximo for Oil and Gas - Maximo for Transportation - Maximo for Utilities - IBM Control Desk products affected when using impacted core versions: - SmartCloud Control Desk - IBM Control Desk - Tivoli Asset Management for IT - Tivoli Integration Composer - Tivoli Service Request Manager - Tivoli Change and Configuration Management Database Remediation / Solution The recommended solution is to download the appropriate Interim Fix or Fix Pack from Fix Central and apply it to each affected product as soon as possible. Refer to the links below for remediation details for each product, version, and release. Installation instructions can be found in the “readme” document included with each fix pack or interim fix. - For Maximo Asset Management 7.6, 7.5, 7.1: Workarounds and Mitigations - None Related Links - IBM Secure Engineering Web Portal: IBM Secure Engineering Web Portal - IBM Product Security Incident Response Blog: IBM Product Security Incident Response Blog Change History - June 30, 2017: Original version published

Goal Reached Thanks to every supporter — we hit 100%!

IBM Maximo Asset Management CVE-2017-1208 XSS Vulnerability Advisory and Fix