CVE-2012-3313

Published: Sep 10, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected (13)

Products: Ibm: Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk, Smartcloud Control Desk, Tivoli Asset Management For It, Tivoli Service Request Manager

Ibm

6 products

Change And Configuration Management Database

Maximo Asset Management

Maximo Service Desk

Smartcloud Control Desk

Tivoli Asset Management For It

Tivoli Service Request Manager

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Ibm Change And Configuration Management Database	Version 6.0
Ibm Change And Configuration Management Database	Version 7.0
Ibm Maximo Asset Management	Version 6.2.0.0
Ibm Maximo Asset Management	Version 7.1.0.0
Ibm Maximo Asset Management	Version 7.5.0.0
Ibm Maximo Service Desk	Version 6.2
Ibm Smartcloud Control Desk	Version 7.0
Ibm Tivoli Asset Management For It	Version 6.0
Ibm Tivoli Asset Management For It	Version 6.2
Ibm Tivoli Asset Management For It	Version 7.0
Ibm Tivoli Asset Management For It	Version 7.1
Ibm Tivoli Asset Management For It	Version 7.2
Ibm Tivoli Service Request Manager	Version 7.0