90 matches found
Security Bulletin: Security Vulnerability in IBM Maximo Asset Management (CVE-2015-1951) allows cacheable HTTPS response
Summary A vulnerability in Maximo Asset Management could allow an attacker to obtain sensitive information which is stored in a local cache. The vulnerability affects Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Energy Optimization,...
Security Bulletin: Cross-Site Scripting (XSS) and Remote Code Execution Vulnerabilities Affecting Asset and Service Management (CVE-2015-0104, CVE-2015-0107, CVE-2015-0108, CVE-2015-0109)
Summary There are cross-site scripting and remove code execution vulnerabilities in code that is used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life...
Security Vulnerabilities Addressed in Asset and Service Mgmt
Abstract Security Bulletin: Security vulnerabilities in Maximo Asset Mgmt, Tivoli Asset Mgmt for IT, Tivoli Service Request Manager, Change and Configuration Mgmt Database. See Vulnerability Details for CVE IDs Content VULNERABILITY DETAILS: CVE ID: CVE-2011-1394, CVE-2011-1395, CVE-2011-1396,...
PT-2018-17586 · Micro Focus · Hp Universal Cmdb +2
Name of the Vulnerable Software and Affected Versions: Micro Focus Universal CMDB versions 10.20 through 10.33, 11.0 Micro Focus CMS versions 4.10 through 4.15.1 Micro Focus UCMDB Browser versions 4.10 through 4.15.1 Description: The issue is related to Cross-Site Scripting XSS, which could be...
CVE-2018-6488
Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution...
CVE-2015-0104
CVE-2015-0104 affects IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database (7.2, 7.1) and Maximo Asset Management/Maximo Industry Solutions (7.1–7.1.1.8, 7.5 before 7.5.0.7 IFIX003, 7.6 before 7.6.0.0 IFIX002). The issue is a Remote C...
HP UCMDB Server Java Deserialization RCE
The HP Universal Configuration Management Database UCMDB Server running on the remote host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated, remote attacker can...
CVE-2016-4367
The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors...
Password expiration vulnerability in multiple IBM products
IBM Maximo Asset Management is a product of IBM Corporation.Maximo Asset Management and Maximo Asset Management Essentials are comprehensive asset lifecycle and maintenance management solutions.SmartCloud Control Desk SCCD is a unified asset and service management software.Tivoli IT Asset...
HP Universal Configuration Management Database Server (UCMDB) Local Information Disclosure (HPSBGN03504)
The version of HP Universal Configuration Management Database Server UCMDB running on the remote web server is affected by an unspecified local information disclosure vulnerability. A local attacker can exploit this to gain access to admin or root password information. C Tenable Network Security,...
HP Universal Configuration Management Database Server Authentication Bypass
The version of HP Universal Configuration Management Database Server running on the remote web server is affected by an authentication bypass vulnerability due to the JMX-Console component performing access control only for GET and POST methods. A remote attacker, using the HTTP HEAD method, can...
HP Universal Configuration Management Database Data Flow Probe Gateway Cross-Site Tracing
The version of HP Universal Configuration Management Database Data Flow Probe Gateway running on the remote web server is affected by a cross-site tracing vulnerability. A remote attacker can exploit this to gain access to information in HTTP headers such as cookies and authentication data...
CVE-2014-2616
Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2091...
CVE-2014-0824
Cross-site scripting XSS vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database CCMDB 7....
Sql injection
SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 a...
CVE-2013-6741
The CVE-2013-6741 issue affects IBM Maximo Asset Management and related IBM Tivoli products, allowing remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error. Affected products include Maximo Asset Management 7.x (before 7.1.1.7 LAFIX.20140319...
CVE-2014-0825
The CVE-2014-0825 entry describes an XSS vulnerability in openreport.jsp affecting IBM Maximo Asset Management 7.x (including 7.1, 7.5 ranges) and related Tivoli/SmartCloud components, where remote authenticated users can inject arbitrary web script or HTML via a crafted report parameter. The IBM...
[security bulletin] HPSBMU02988 rev.1 - HP Universal Configuration Management Database, Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04220407 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04220407 Version: 1 HPSBMU02988 rev....
HP Universal Configuration Management Database远程代码执行漏洞
Bugtraq ID:66963 CVE ID:CVE-2013-6215 HP Universal Configuration Management Database是惠普公司的统一配置管理数据库应用。 HP Universal Configuration Management Database存在一个未明安全漏洞,允许远程攻击者利用漏洞以应用程序上下文执行任意代码。 0 HP Universal Configuration Management Database Integration Service v10.01 HP Universal Configuration...
HP Universal Configuration Management Database远程代码执行漏洞
Bugtraq ID:66962 CVE ID:CVE-2013-6214 HP Universal Configuration Management Database是惠普公司的统一配置管理数据库应用。 HP Universal Configuration Management Database存在一个未明安全漏洞,允许远程攻击者利用漏洞获取敏感信息。 0 HP Universal Configuration Management Database Integration Service v9.05 HP Universal Configuration Management...