65 matches found
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service when using the openidConnectClient-1.0 or socialLogin-1.0 feature.(CVE-2024-22353)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera, and...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2023-50313)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2024 - Includes Oracle January 2024 CPU plus CVE-2023-33850
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities a...
Command Execution Vulnerabilities in Various Products of Beijing StarNet Ruijie Network Technology Company Limited (CNVD-2023-68249)
Beijing StarNet Ruijie Network Technology Co., Ltd. is an ICT infrastructure and industry solutions provider. A command execution vulnerability exists in various products of Beijing StarNet Ruijie Network Technology Co., Ltd. that can be exploited by attackers to gain server privileges...
Security Bulletin: Security Vulnerability in IBM WebSphere Application Server (CVE-2015-1920) affects Asset and Service Management
Summary A vulnerability in WebSphere Application Server could allow a remote attacker to execute arbitrary code by connecting to a management port and executing a specific sequence of instructions. The vulnerability affects Maximo Asset Management, Maximo Asset Management Essentials, Maximo...
Security Bulletin: IBM Maximo Asset Management contains a vulnerability that could allow a remote authenticated user to view ticket worklog entries that they should not have access to (CVE-2015-5016)
Summary IBM Maximo Asset Management contains a vulnerability that could allow a remote authenticated user to view ticket worklog entries that they should not have access to. This vulnerability could allow a local attacker to obtain sensitive information. The vulnerability affects Maximo Asset...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2017-1380)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life...
Security Bulletin: Security vulnerabilities have been identified in IBM® DB2® shipped with Asset and Service Management (CVE-2013-6747, CVE-2014-0963)
Summary IBM DB2 is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities, Tivo...
Security Bulletin: IBM Maximo Asset Management installs with a default administrator account that a remote intruder could use to gain administrator access to the system. (CVE-2015-4966)
Summary IBM Maximo Asset Management installs with a default administrator account that a remote intruder could use to gain administrator access to the system. Vulnerability Details CVEID: CVE-2015-4966 DESCRIPTION: IBM Maximo Asset Management installs with a default administrator account that a...
Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input (CVE-2016-0399)
Summary IBM Maximo Asset Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the a specially-crafted URL to execute script in a victim's Web browser within the security context of the...
Security Bulletin: Potential denial of service may affect IBM HTTP Server on Windows (CVE-2015-1829), impacting Asset and Service Management
Summary There is a potential denial of service that may affect IBM HTTP Server on Windows CVE-2015-1829. To exploit the attack requires local access to the server system. The attack affects Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for...
Security Bulletin: IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser (CVE-2016-5896)
Summary IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser. Vulnerability Details CVEID: CVE-2016-5896 DESCRIPTION: IBM Maximo Asset Management could disclose sensitive information from a stack trace after...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - April 2022 - Includes Oracle April 2022 CPU
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7, and 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - January 2022 - Includes Oracle January 2022 CPU
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7, and 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for...
Security Bulletin: IBM Maximo Asset Management is vulnerable to Security/Authentication Bypass (CVE-2019-4591)
Summary IBM Maximo Asset Management is vulnerable to Security/Authentication Bypass. Vulnerability Details CVEID: CVE-2019-4591 DESCRIPTION: IBM Maximo Asset Management does not invalidate session after logout which could allow a local user to impersonate another user on the system. CVSS Base...
Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site request forgery (CVE-2020-4526)
Summary IBM Maximo Asset Management is vulnerable to cross-site request forgery. Vulnerability Details CVEID: CVE-2020-4526 DESCRIPTION: IBM Maximo Asset Management is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted...
Security Bulletin: IBM Maximo Asset Management is vulnerable to reverse tabnabbing (CVE-2020-4409)
Summary IBM Maximo Asset Management is vulnerable to reverse tabnabbing. Vulnerability Details CVEID: CVE-2020-4409 DESCRIPTION: IBM Maximo Asset Management could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted We...
Construction Industry Solutions Conis Construction Cloud输入验证错误漏洞
Construction Industry Solutions Conis Construction Cloud is an end-to-end cloud and mobile software solution from Construction Industry Solutions, Inc. Construction Industry Solutions Conis Construction Cloud version 11.12 is vulnerable to an input validation error that could be exploited by an...
Construction Industry Solutions Conis Construction Cloud Cross-Site Scripting Vulnerability (CNVD-2022-10776)
Construction Industry Solutions Conis Construction Cloud is an end-to-end cloud and mobile software solution from Construction Industry Solutions, Inc. that helps construction executives drive increased profitability across their business. Construction Industry Solutions Conis Construction Cloud ...
Construction Industry Solutions Conis Construction Cloud存在未明漏洞
Construction Industry Solutions Conis Construction Cloud is an end-to-end cloud and mobile software solution from Construction Industry Solutions, Inc. A security vulnerability exists in Construction Industry Solutions Conis Construction Cloud due to a design or implementation impropriety in the...