CVE-2011-4819

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/72008

http://www.securityfocus.com/bid/52333

http://www.ibm.com/support/docview.wss?uid=swg21584666

http://www-01.ibm.com/support/docview.wss?uid=swg1IV09202

http://secunia.com/advisories/48299

Details

Source: Mitre, NVD

Published: 2012-03-13

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00295