203 matches found
CVE-2018-1414
CVE-2018-1414 affects IBM Maximo Asset Management core products: 7.6 and 7.5 (and Maximo Asset Management Essentials 7.5), with a SQL injection vulnerability that enables a remote attacker to view, add, modify, or delete data in the back-end database. The root cause is an injectable SQL path in t...
CVE-2018-1415
Summary: IBM Maximo Asset Management 7.6 is affected by a cross-site scripting (XSS) vulnerability in the Web UI. The core product versions affected are 7.6.0.5, 7.6.0.6, 7.6.0.7, and 7.6.0.8; affected installations may also include Industry Solutions and IBM Control Desk products when installed ...
CVE-2017-1499
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106...
Code injection
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538...
CVE-2017-1352
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538...
Code injection
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684...
CVE-2017-1357
CVE-2017-1357 affects IBM Maximo Asset Management 7.5 and 7.6 (core product), where an authenticated user can manipulate work orders to forge emails, enabling potentially more advanced attacks. The IBM Security Bulletin confirms the vulnerability and lists affected versions across core Maximo and...
SQL injection
IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123297...
Code injection
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299...
CVE-2017-1176
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299...
CVE-2017-1208
CVE-2017-1208 affects IBM Maximo Asset Management 7.6, 7.5, and 7.1 (core product and affected related offerings). The IBM bulletin confirms a cross-site scripting vulnerability in the Web UI that lets attackers embed arbitrary JavaScript, potentially leading to credentials disclosure within a tr...
CVE-2017-1175
CVE-2017-1175 affects IBM Maximo Asset Management core product: versions 7.1, 7.5, and 7.6 are vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements to view, add, modify, or delete data in the back-end database. The IBM security bulletin lists remediation as a...
CVE-2016-9984
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276...
CVE-2016-8987
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view...
CVE-2016-8987
CVE-2016-8987 - IBM Maximo Asset Management could allow an authenticated user to view incorrect item sets they should not access. Affected core versions: Maximo Asset Management 7.6, 7.5, 7.1, plus related Industry Solutions (Maximo for Aviation, Life Sciences, Nuclear Power, Oil and Gas, Transpo...
CVE-2016-9977
CVE-2016-9977 affects IBM Maximo Asset Management core products 7.1, 7.5, and 7.6 (and related Industry Solutions and IBM Control Desk on top) with a vulnerability that allows remote session hijacking due to failure to invalidate an existing session identifier. Affected products include Maximo As...
CVE-2017-1292
IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153...
Design/Logic Flaw
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remot...