Filtered by vendor Ibm
Subscriptions
Filtered by product Maximo Asset Management
Subscriptions
Total
176 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-1499 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2024-09-17 | N/A |
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106. | ||||
CVE-2021-38935 | 1 Ibm | 1 Maximo Asset Management | 2024-09-17 | 7.5 High |
IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 210892. | ||||
CVE-2018-1872 | 1 Ibm | 1 Maximo Asset Management | 2024-09-16 | N/A |
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151330. | ||||
CVE-2017-1175 | 1 Ibm | 1 Maximo Asset Management | 2024-09-16 | N/A |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123297. | ||||
CVE-2017-1208 | 1 Ibm | 1 Maximo Asset Management | 2024-09-16 | N/A |
IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123778. | ||||
CVE-2017-1357 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2024-09-16 | N/A |
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684. | ||||
CVE-2019-4303 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2024-09-16 | 5.4 Medium |
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949. | ||||
CVE-2021-29744 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2024-09-16 | 5.4 Medium |
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201694. | ||||
CVE-2021-20374 | 1 Ibm | 1 Maximo Asset Management | 2024-09-16 | 5.4 Medium |
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195522. | ||||
CVE-2019-4583 | 1 Ibm | 1 Maximo Asset Management | 2024-09-16 | 4.3 Medium |
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 167289. | ||||
CVE-2018-1715 | 1 Ibm | 1 Maximo Asset Management | 2024-09-16 | N/A |
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147003. | ||||
CVE-2018-1415 | 1 Ibm | 1 Maximo Asset Management | 2024-09-16 | N/A |
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138821. | ||||
CVE-2020-4463 | 1 Ibm | 1 Maximo Asset Management | 2024-09-16 | 8.2 High |
IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181484. | ||||
CVE-2018-1697 | 1 Ibm | 1 Maximo Asset Management | 2024-09-16 | N/A |
IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request. IBM X-Force ID: 145966. | ||||
CVE-2018-1698 | 1 Ibm | 1 Maximo Asset Management | 2024-09-16 | N/A |
IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages. IBM X-Force ID: 145967. | ||||
CVE-2020-4526 | 1 Ibm | 1 Maximo Asset Management | 2024-09-16 | 4.3 Medium |
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436. | ||||
CVE-2018-1584 | 1 Ibm | 1 Maximo Asset Management | 2024-09-16 | N/A |
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143497. | ||||
CVE-2021-29854 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2024-09-16 | 7.2 High |
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 205680. | ||||
CVE-2022-35714 | 1 Ibm | 1 Maximo Asset Management | 2024-09-16 | 5.4 Medium |
IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231116. | ||||
CVE-2022-22435 | 1 Ibm | 1 Maximo Asset Management | 2024-09-16 | 5.4 Medium |
IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |