IBM Maximo Asset Management is prone to cross-site scripting vulnerability because it fails to sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Information
IBM SmartCloud Control Desk 0
IBM Maximo for Utilities 0
IBM Maximo for Transportation 0
IBM Maximo for Oil and Gas 0
IBM Maximo for Nuclear Power 0
IBM Maximo for Life Sciences 0
IBM Maximo for Aviation 0
IBM Maximo Asset Management 7.6
IBM Control Desk 0
IBM Maximo Asset Management 7.6.0.9
Exploit
An attacker can exploit the issue by enticing an unsuspecting user to visit a specially crafted URL.
References: