GCVE - cpe:2.3:a:ibm:change_and_configuration_management

Approved changes feed: RSS · Atom

cpe:2.3:a:ibm:change_and_configuration_management_database:7.1.1.7:*:*:*:*:*:*:*

part: a version: 7.1.1.7 update: *

Vendor	Ibm (`177c0602-9232-5933-8f2f-9d22f079d22d`)
Product	Change And Configuration Management Database (`6e1f0d7a-2595-55df-9e8c-702a0562184a`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-0825`	vulnerable	2026-06-03 14:33:39.868524	Details available Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter. Published: 2014-05-26T16:00:00.000Z Updated: 2024-08-06T09:27:20.067Z Open on db.gcve.eu Reference links http://www-01.ibm.com/support/docview.wss?uid=swg21670870 https://exchange.xforce.ibmcloud.com/vulnerabilities/90501 http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-0824`	vulnerable	2026-06-03 14:33:39.859434	Details available Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL. Published: 2014-05-26T16:00:00.000Z Updated: 2024-08-06T09:27:20.078Z Open on db.gcve.eu Reference links http://www-01.ibm.com/support/docview.wss?uid=swg1IV52829 http://www-01.ibm.com/support/docview.wss?uid=swg21670870 https://exchange.xforce.ibmcloud.com/vulnerabilities/90500	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-6741`	vulnerable	2026-06-03 14:33:32.476910	Details available IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error. Published: 2014-05-26T16:00:00.000Z Updated: 2024-08-06T17:46:22.940Z Open on db.gcve.eu Reference links http://www-01.ibm.com/support/docview.wss?uid=swg21670870 https://exchange.xforce.ibmcloud.com/vulnerabilities/89857 http://www-01.ibm.com/support/docview.wss?uid=swg1IV50316	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-5465`	vulnerable	2026-06-03 14:33:21.470933	Details available IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, and 7.5.0.4 before IFIX011; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 do not properly restrict file types during uploads, which allows remote authenticated users to have an unspecified impact via an invalid type. Published: 2014-05-26T16:00:00.000Z Updated: 2024-08-06T17:15:20.356Z Open on db.gcve.eu Reference links http://www-01.ibm.com/support/docview.wss?uid=swg1IV46511 http://www-01.ibm.com/support/docview.wss?uid=swg21670870 https://exchange.xforce.ibmcloud.com/vulnerabilities/88364	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-4016`	vulnerable	2026-06-03 14:33:09.258181	Details available SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text. Published: 2014-05-26T16:00:00.000Z Updated: 2024-08-06T16:30:49.379Z Open on db.gcve.eu Reference links http://www-01.ibm.com/support/docview.wss?uid=swg21670870 https://exchange.xforce.ibmcloud.com/vulnerabilities/85793 http://www-01.ibm.com/support/docview.wss?uid=swg1IV41871	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

IBM Change and Configuration Management Database (CCMDB) 7.1.1.7

PURL mappings

Vulnerability references

Contribute