90 matches found
Security Bulletin: IBM Maximo Asset Management could allow a local attacker to obtain information due to the autocomplete feature on password input fields (CVE-2015-1933)
Summary The autocomplete attribute of the password field on the Maximo Asset Management Login page is not set to false. This vulnerability could allow a local attacker to obtain account access. The vulnerability affects Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2016-1181 and CVE-2016-1182)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with Asset and Service Management (CVE-2014-0114)
Summary WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maxim...
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server shipped with Asset and Service Management
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life...
Security Bulletin: Potential denial of service may affect IBM HTTP Server on Windows (CVE-2015-1829), impacting Asset and Service Management
Summary There is a potential denial of service that may affect IBM HTTP Server on Windows CVE-2015-1829. To exploit the attack requires local access to the server system. The attack affects Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for...
Security Bulletin: Vulnerability with RSA Export Keys May Affect IBM WebSphere Application Server on Asset and Service Management (CVE-2015-0138)
Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability CVE-2015-0138 may affect some configurations of IBM WebSphere Application Server Full Profile, IBM WebSphere Application Server Liberty Profile, and IBM WebSphere Application Server Hypervisor Edition...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2017-1504)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life...
Security Bulletin: Security Vulnerability in IBM WebSphere Application Server (CVE-2015-4000) Affects Asset and Service Management
Summary The LogJam Attack on Diffie-Hellman ciphers CVE-2015-4000 may affect some configurations of IBM WebSphere Application Server. The vulnerability affects Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Energy Optimization, Maximo f...
CVE-2022-1410
OS Command Injection vulnerability in the dboptimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device. This issue affects: Device42 CMDB version 18.01.00 and prior versions...
How to Quickly Prioritize Risks with VMDR 2.0 and Orchestrate Response with CMDB & ITSM Integration
A single source of truth for asset inventory enables Cybersecurity and IT teams to optimally automate risk prioritization and response. Qualys VMDR 2.0 with TruRiskTM leverages Qualys CSAM to automate the Asset Criticality Score, a key parameter of risk scoring. This blog explains how with insigh...
CVE-2018-18593
Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. T...
CVE-2018-0345
A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due t...
Micro Focus Universal Configuration Management Database Browser Cross-Site Request Forgery Vulnerability
Micro Focus Universal Configuration Management Database UCMDB is a suite of database software from Micro Focus, UK, that stores, controls and manages software and infrastructure components and their interrelationships.UCMDB Browser is one of the browsers used to access the UCMDB data. UCMDB Brows...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2017-1788)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2017-1741)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2017-1681)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life...
Security Bulletin: IBM Maximo Asset Management could allow a local attacker to obtain sensitive information using HTTP Header Injection (CVE-2017-1124)
Summary IBM Maximo Asset Management could allow a local attacker to obtain sensitive information using HTTP Header Injection. Vulnerability Details CVEID: CVE-2017-1124 DESCRIPTION: IBM Maximo Asset Management could allow a local attacker to obtain sensitive information using HTTP Header Injectio...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2016-9736)
Summary IBM WebSphere Application Server is shipped with Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter...
Security Bulletin: Multiple vulnerabilities identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2016-0201, CVE-2015-7420)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life...
Security Bulletin: IBM Maximo Asset Management contains a vulnerability which could allow an authenticated system administrator to obtain sensitive information incorrectly exposed in log files (CVE-2015-7487)
Summary IBM Maximo Asset Management contains a vulnerability which could allow an authenticated system administrator to obtain sensitive information incorrectly exposed in log files. Vulnerability Details CVEID: CVE-2015-7487 DESCRIPTION: IBM Maximo Asset Management contains a vulnerability which...