Lucene search

K

Asset Suite Security Vulnerabilities

cve
cve

CVE-2024-22333

IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: ...

4CVSS

3.6AI Score

0.0004EPSS

2024-06-13 02:15 PM
13
cve
cve

CVE-2024-23584

The NMAP Importer service​ may expose data store credentials to authorized users of the Windows...

6.6CVSS

6.8AI Score

0.0004EPSS

2024-04-08 11:15 PM
26
cve
cve

CVE-2024-2244

REST service authentication anomaly with “valid username/no password” credential combination for batch job processing resulting in successful service invocation. The anomaly doesn’t exist with other credential...

5.3CVSS

7.1AI Score

0.0004EPSS

2024-03-27 02:15 AM
32
cve
cve

CVE-2024-27266

IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: ...

8.2CVSS

7.9AI Score

0.001EPSS

2024-03-14 07:15 PM
43
cve
cve

CVE-2023-38723

IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-03-13 10:15 AM
17
cve
cve

CVE-2023-32335

IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: ...

3.7CVSS

3.7AI Score

0.0004EPSS

2024-03-13 10:15 AM
8
cve
cve

CVE-2023-32337

IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: ...

5.4CVSS

5.3AI Score

0.0004EPSS

2024-01-19 02:15 AM
15
cve
cve

CVE-2023-47718

IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: ...

8.8CVSS

8.3AI Score

0.001EPSS

2024-01-19 02:15 AM
7
cve
cve

CVE-2023-4816

A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and.....

8.8CVSS

8.7AI Score

0.001EPSS

2023-09-11 08:15 AM
11
cve
cve

CVE-2023-32332

IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM...

5.4CVSS

5.5AI Score

0.001EPSS

2023-09-08 08:15 PM
27
cve
cve

CVE-2023-32334

IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: ...

5.3CVSS

4.9AI Score

0.001EPSS

2023-06-05 01:15 AM
16
cve
cve

CVE-2022-35645

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

6.4CVSS

5.1AI Score

0.001EPSS

2023-03-02 09:15 PM
31
cve
cve

CVE-2022-41734

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ...

7.5CVSS

7AI Score

0.001EPSS

2023-02-17 06:15 PM
24
cve
cve

CVE-2022-35281

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: ...

8.8CVSS

8.4AI Score

0.001EPSS

2023-01-09 08:15 AM
34
cve
cve

CVE-2021-38924

IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID:...

7.5CVSS

7AI Score

0.001EPSS

2022-09-14 05:15 PM
35
15
cve
cve

CVE-2021-29854

IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the...

7.2CVSS

6.7AI Score

0.001EPSS

2022-05-03 07:15 PM
61
2
cve
cve

CVE-2021-29743

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

5.4CVSS

5.2AI Score

0.001EPSS

2021-08-30 05:15 PM
20
cve
cve

CVE-2021-29744

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

5.4CVSS

5.2AI Score

0.001EPSS

2021-08-27 04:15 PM
22
2
cve
cve

CVE-2021-2233

Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Setup). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

8.1CVSS

8.1AI Score

0.001EPSS

2021-04-22 10:15 PM
42
3
cve
cve

CVE-2020-11022

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery...

6.9CVSS

6.8AI Score

0.061EPSS

2020-04-29 10:15 PM
5346
In Wild
18
cve
cve

CVE-2019-18998

Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource...

7.1CVSS

6.8AI Score

0.001EPSS

2020-02-17 07:15 PM
37
cve
cve

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native...

6.1CVSS

6.4AI Score

0.035EPSS

2019-04-20 12:29 AM
1196
In Wild
6
cve
cve

CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be...

6.1CVSS

6.3AI Score

0.007EPSS

2018-01-18 11:29 PM
1680
5
cve
cve

CVE-2015-7501

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web...

9.8CVSS

9.7AI Score

0.018EPSS

2017-11-09 05:29 PM
172
8
cve
cve

CVE-2017-5645

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary...

9.8CVSS

9.5AI Score

0.874EPSS

2017-04-17 09:59 PM
453
3
cve
cve

CVE-2008-1786

The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2.....

7.6AI Score

0.32EPSS

2008-04-16 05:05 PM
23
cve
cve

CVE-2008-1472

Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or...

8.1AI Score

0.926EPSS

2008-03-24 10:44 PM
23