Filtered by vendor Ibm
Subscriptions
Filtered by product Maximo Asset Management
Subscriptions
Total
176 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-4529 | 1 Ibm | 1 Maximo Asset Management | 2024-09-17 | 7.4 High |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713. | ||||
| CVE-2019-4650 | 1 Ibm | 1 Maximo Asset Management | 2024-09-17 | 6.3 Medium |
| IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961. | ||||
| CVE-2019-4530 | 1 Ibm | 1 Maximo Asset Management | 2024-09-17 | 6.5 Medium |
| IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. IBM X-Force ID: 165586. | ||||
| CVE-2018-1414 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2024-09-17 | N/A |
| IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820. | ||||
| CVE-2020-4223 | 1 Ibm | 1 Maximo Asset Management | 2024-09-17 | 5.4 Medium |
| IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175121. | ||||
| CVE-2021-20509 | 1 Ibm | 1 Maximo Asset Management | 2024-09-17 | 9.8 Critical |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243. | ||||
| CVE-2019-4749 | 1 Ibm | 20 Control Desk, Maximo Asset Configuration Manager, Maximo Asset Health Insights and 17 more | 2024-09-17 | 5.4 Medium |
| IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308. | ||||
| CVE-2022-22436 | 1 Ibm | 1 Maximo Asset Management | 2024-09-17 | 5.4 Medium |
| IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224164. | ||||
| CVE-2018-1528 | 1 Ibm | 8 Maximo Asset Management, Maximo For Aviation, Maximo For Life Sciences and 5 more | 2024-09-17 | N/A |
| IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290. | ||||
| CVE-2021-29743 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2024-09-17 | 5.4 Medium |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201693. | ||||
| CVE-2022-40616 | 1 Ibm | 1 Maximo Asset Management | 2024-09-17 | 8.1 High |
| IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force ID: 236311. | ||||
| CVE-2019-4430 | 1 Ibm | 1 Maximo Asset Management | 2024-09-17 | 7.5 High |
| IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162887. | ||||
| CVE-2019-4745 | 1 Ibm | 7 Maximo Asset Management, Maximo For Aviation, Maximo For Life Sciences and 4 more | 2024-09-17 | 4.3 Medium |
| IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. IBM X-Force ID: 172883. | ||||
| CVE-2019-4512 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2024-09-17 | 4.3 Medium |
| IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554. | ||||
| CVE-2018-2028 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2024-09-17 | 6.5 Medium |
| IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554. | ||||
| CVE-2019-4486 | 1 Ibm | 9 Maximo Asset Management, Maximo For Aviation, Maximo For Life Sciences and 6 more | 2024-09-17 | 5.4 Medium |
| IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070. | ||||
| CVE-2019-4478 | 1 Ibm | 1 Maximo Asset Management | 2024-09-17 | 6.5 Medium |
| IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998. | ||||
| CVE-2020-4493 | 1 Ibm | 1 Maximo Asset Management | 2024-09-17 | 9.8 Critical |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995. | ||||
| CVE-2019-4671 | 1 Ibm | 1 Maximo Asset Management | 2024-09-17 | 6.3 Medium |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437. | ||||
| CVE-2019-4591 | 1 Ibm | 1 Maximo Asset Management | 2024-09-17 | 7.8 High |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451. | ||||