IBM Multiple Products Multiple Vulnerabilities
IBM Maximo Asset Management versions 7.5, 7.1, and 6.2
IBM Maximo Asset Management Essentials versions 7.5, 7.1, and 6.2
IBM SmartCloud Control Desk version 7.5
IBM Tivoli Asset Management for IT versions 7.2, 7.1, and 6.2
IBM Tivoli Change and Configuration Management Database versions 7.2 and 7.1
IBM Tivoli Service Request Manager versions 7.2, 7.1, and 6.2
A weakness and multiple vulnerabilities have been reported in multiple IBM products.
IBM Reference #: 1625624
IBM Product Security Incident Response Blog
Secunia Advisory SA52132
1) The application bundles a vulnerable version of the IBM Eclipse Help System (IEHS).
2) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
3) Some unspecified errors can be exploited to bypass certain security restrictions.
The vulnerabilities can be exploited by malicious users to bypass certain security restrictions, and by malicious people to conduct cross-site scripting and spoofing attacks and to bypass certain security restrictions.
The recommended solution is to download the appropriate Interim Fix or Fix Pack from Fix Central.