CVE-2012-3328

Published: Feb 20, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1, Maximo Asset Management Essentials 7.1, Tivoli Asset Management for IT 7.1 and 7.2, Tivoli Service Request Manager 7.1 and 7.2, and Change and Configuration Management Database (CCMDB) 7.1 and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden frame footer.

Affected (9)

Products: Ibm: Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials, Tivoli Asset Management For It, Tivoli Service Request Manager

Ibm

5 products

Change And Configuration Management Database

Maximo Asset Management

Maximo Asset Management Essentials

Tivoli Asset Management For It

Tivoli Service Request Manager

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Ibm Change And Configuration Management Database	Version 7.1.
Ibm Change And Configuration Management Database	Version 7.2.0
Ibm Maximo Asset Management	Version 7.1
Ibm Maximo Asset Management Essentials	Version 7.1
Ibm Tivoli Asset Management For It	Version 7.1
Ibm Tivoli Asset Management For It	Version 7.2
Ibm Tivoli Service Request Manager	Version 7.1.0.0
Ibm Tivoli Service Request Manager	Version 7.1.0
Ibm Tivoli Service Request Manager	Version 7.2.0.0