CVE-2013-5402

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

3.5LOW

EPSS

0.2%

top 60.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Change AND Configuration Management Database IBM Maximo Asset Management IBM Maximo Asset Management Essentials +9 more

Timeline

PublishedDec 18

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager,…

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages7 packages

▶NVDibm/maximo_asset_management_essentials7 versions+6

▶NVDibm/maximo_asset_management18 versions+17

▶NVDibm/maximo7 versions+6

▶NVDibm/tivoli_asset_management4 versions+3

▶NVDibm/change_and_configuration_management_database4 versions+3

🔴Vulnerability Details

GHSA

GHSA-23c4-jq8q-2m9j: Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear↗2022-05-17

▶

CVEList

CVE-2013-5402: Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear↗2013-12-18

▶