Lucene search
K

21 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/09/22 3:2 a.m.25 views

Security Bulletin: IBM Maximo Asset Management contains a vulnerability that could allow a remote authenticated user to view ticket worklog entries that they should not have access to (CVE-2015-5016)

Summary IBM Maximo Asset Management contains a vulnerability that could allow a remote authenticated user to view ticket worklog entries that they should not have access to. This vulnerability could allow a local attacker to obtain sensitive information. The vulnerability affects Maximo Asset...

4.3CVSS4.1AI score0.00993EPSS
Exploits0Affected Software15
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/22 3:2 a.m.21 views

Security Bulletin: Potential denial of service may affect IBM HTTP Server on Windows (CVE-2015-1829), impacting Asset and Service Management

Summary There is a potential denial of service that may affect IBM HTTP Server on Windows CVE-2015-1829. To exploit the attack requires local access to the server system. The attack affects Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for...

5CVSS7.7AI score0.02552EPSS
Exploits0Affected Software15
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/22 3:2 a.m.33 views

Security Bulletin: Security Vulnerability in IBM WebSphere Application Server (CVE-2015-4000) Affects Asset and Service Management

Summary The LogJam Attack on Diffie-Hellman ciphers CVE-2015-4000 may affect some configurations of IBM WebSphere Application Server. The vulnerability affects Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Energy Optimization, Maximo f...

3.7CVSS4.2AI score0.9986EPSS
Exploits1Affected Software15
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/22 3:2 a.m.18 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2017-1504)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life...

6.5CVSS6.6AI score0.00944EPSS
Exploits0Affected Software15
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:13 p.m.26 views

Security Bulletin: IBM Maximo Asset Management could allow an authenticated user to view query results that the user should not have access to view due to improper access control (CVE-2015-5051)

Summary IBM Maximo Asset Management contains a vulnerability which could allow an authenticated user to view query results that the user should not have access to view due to improper access control. This vulnerability could allow a local attacker to compromise data integrity. The vulnerability...

4.3CVSS0.6AI score0.00935EPSS
Exploits0Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:13 p.m.25 views

Security Bulletin: IBM Maximo Asset Management could allow an authenticated user to change or view information that the user should not have access to due to issues with the Scheduler functionality (CVE-2015-7396)

Summary IBM Maximo Asset Management could allow an authenticated user to change or view information that the user should not have access to due to issues with the Scheduler functionality. This vulnerability could allow a local attacker to compromise data integrity and confidentiality. The...

5.5CVSS0.5AI score0.00791EPSS
Exploits0Affected Software9
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 2:55 p.m.26 views

Security Bulletin: Cross-Site Scripting (XSS) and Remote Code Execution Vulnerabilities Affecting Asset and Service Management (CVE-2015-0104, CVE-2015-0107, CVE-2015-0108, CVE-2015-0109)

Summary There are cross-site scripting and remove code execution vulnerabilities in code that is used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life...

8.8CVSS0.7AI score0.06849EPSS
Exploits2Affected Software11
ATTACKERKB
ATTACKERKB
added 2018/03/27 5:29 p.m.3 views

CVE-2015-5016

IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket...

4.3CVSS5.8AI score0.00993EPSS
Exploits0References3
NVD
NVD
added 2013/12/18 4:4 p.m.22 views

CVE-2013-5402

Cross-site scripting XSS vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 befo...

3.5CVSS5.2AI score0.00946EPSS
Exploits0References4
NVD
NVD
added 2012/03/13 3:12 a.m.24 views

CVE-2011-4818

Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component...

4.3CVSS6.1AI score0.01182EPSS
Exploits1References5
NVD
NVD
added 2012/03/13 3:12 a.m.25 views

CVE-2011-1397

Cross-site request forgery CSRF vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM...

6.8CVSS7.1AI score0.01047EPSS
Exploits0References6
Prion
Prion
added 2012/03/13 3:12 a.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter...

4.3CVSS6AI score0.01161EPSS
Exploits0References5Affected Software2
Prion
Prion
added 2012/03/13 3:12 a.m.22 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to 1 maximo.jsp or 2 the default URI under ui/...

4.3CVSS6AI score0.01161EPSS
Exploits1References5Affected Software2
Prion
Prion
added 2012/03/13 3:12 a.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service...

4.3CVSS6AI score0.01951EPSS
Exploits0References6Affected Software6
Prion
Prion
added 2012/03/13 3:12 a.m.26 views

Code injection

The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management...

4CVSS6.7AI score0.01209EPSS
Exploits0References6Affected Software6
Prion
Prion
added 2012/03/13 3:12 a.m.23 views

Session fixation

IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database CCMDB 6.2, 7.1, and 7.2 all...

5CVSS7.1AI score0.02584EPSS
Exploits0References6Affected Software6
CVE
CVE
added 2012/03/13 1:0 a.m.55 views

CVE-2011-1396

The CVE-2011-1396 entry describes an XSS vulnerability in IBM Maximo Asset Management and Asset Management Essentials (versions 6.2, 7.1, 7.5) that allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component. Affected products include Ma...

4.3CVSS5.8AI score0.01161EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 2012/03/13 1:0 a.m.23 views

CVE-2012-0195

Cross-site scripting XSS vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service...

5.7AI score0.01951EPSS
Exploits0References6
CVE
CVE
added 2012/03/13 1:0 a.m.58 views

CVE-2011-1397

CVE-2011-1397 is a CSRF vulnerability in IBM Maximo and related products (Asset Management, Essentials, Tivoli AM for IT, Service Request Manager, Maximo Service Desk, CCMDB) affecting 6.2, 7.1, 7.2 and 7.5. Attack could hijack user authentication via the Labor Reporting page. IBM remediation via...

6.8CVSS7.3AI score0.01047EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2012/03/13 1:0 a.m.51 views

CVE-2011-1395

CVE-2011-1395 is an XSS vulnerability in IBM Maximo Asset Management and Asset Management Essentials (versions 6.2, 7.1, 7.5) affecting imicon.jsp via the controlid parameter. Exploitation could allow remote attackers to inject arbitrary script/HTML. IBM notes multiple related CVEs in the same fa...

4.3CVSS5.8AI score0.01161EPSS
Exploits0References5Affected Software2
Rows per page
Query Builder