203 matches found
CVE-2013-3048
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-5381
CVE-2013-5381 affects IBM Maximo Asset Management and related products. Affects: Maximo Asset Management 6.2 (6.2.0–6.2.8), 7.1 (up to 7.1.1.12), and 7.5 prior to 7.5.0.3. Description: remote authenticated users can gain privileges via unspecified vectors. No further technical exploit specifics a...
CVE-2013-4017
CVE-2013-4017 is an SQL injection vulnerability in IBM Maximo Asset Management 7.1 prior to 7.1.1.12, enabling remote execution of arbitrary SQL via unspecified vectors. The IBM security bulletin lists affected products including Maximo Asset Management and related offerings across 6.2–7.5 lines,...
CVE-2013-4019
CVE-2013-4019 is an XSS vulnerability in IBM Maximo Asset Management (and related Maximo offerings) affecting 6.2.x through 6.2.8 and 7.1 up to 7.1.1.12. The description specifies remote authenticated users can inject arbitrary web script/HTML via unspecified vectors. Connected IBM bulletin detai...
CVE-2013-4020
CVE-2013-4020 affects IBM Maximo Asset Management and related products: Maximo Asset Management 6.2.x, 7.1.x, and 7.5 prior to 7.5.0.3 allow remote authenticated users to bypass access restrictions via unspecified vectors. The connected IBM bulletin and NVD entry confirm the affected versions and...
CVE-2013-4021
CVE-2013-4021 affects IBM Maximo Asset Management and related products (Maximo Asset Management 6.2.x up to 6.2.8; 7.1 up to 7.1.1.12; 7.5 up to 7.5.0.5) and several IBM Maximo/Tivoli components. The vulnerability is described as an unspecified remote file-inclusion issue exploitable by remote au...
CVE-2013-4027
CVE-2013-4027 affects IBM Maximo Asset Management and related products (Maximo Asset Management 6.2.x, 7.1.x, 7.5) where remote authenticated users can bypass access restrictions via unspecified vectors. The connected IBM bulletin confirms vulnerable components and lists FIX/IF packages per relea...
CVE-2013-4018
CVE-2013-4018 affects IBM Maximo Asset Management and related offerings: Maximo Asset Management 6.2–6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 disclose sensitive information to remote authenticated users via unspecified vectors. The IBM flash bulletin and related advisories p...
CVE-2013-5382
CVE-2013-5382 affects the IBM Maximo Asset Management family (6.2–6.2.8, 7.1 before 7.1.1.12, 7.5 before 7.5.0.5). The vulnerability allows remote authenticated users to gain privileges via unspecified vectors (distinct from CVE-2013-5383). IBM’s vendor bulletin lists multiple APARs tied to this CVE ...
Cross site scripting
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management...
CVE-2012-6356
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation...
CVE-2012-6357
Technical details about CVE-2012-6357 are not publicly provided in the connected documents. The initial description lists affected IBM Maximo products but does not disclose vulnerability specifics, vectors, or remediation. Monitor for updates.
Code injection
IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via...
CVE-2012-2185
CVE-2012-2185 affects IBM Maximo Asset Management and related products (Maximo Asset Management 6.2–7.5 and associated suites) used with SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and CCMDB. The IBM bulletin documents information ...
CVE-2012-2185
IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via...
CVE-2012-0728
CVE-2012-0728 is an SQL injection in IBM Maximo Asset Management 7.1–7.5 (as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and CCMDB). The vulnerability allows remote authenticated users to execute arbitrary SQL commands via ...
CVE-2011-4819
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/...
CVE-2011-1394
IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 all...
CVE-2011-1395
Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter...
CVE-2011-4818
CVE-2011-4818 affects IBM Maximo Asset Management and Asset Management Essentials (versions 6.2, 7.1, 7.5). It is an open redirect via the uisessionid parameter to an unspecified component, enabling remote authenticated users to redirect to arbitrary sites (phishing risk). IBM’s vulnerability not...