CVE-2023-27864
CVE-2023-27864 – IBM Maximo Asset Management HTML injection affects IBM Maximo Asset Management core product versions 7.6.1.2 and 7.6.1.3. The issue allows a remote attacker to inject malicious HTML that is rendered in the victim’s browser within the hosting site’s security context. CVSS base sco...
CVE-2023-27864 IBM Maximo Asset Management HTML injection
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 249327...
Information disclosure
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207...
CVE-2023-27860
CVE-2023-27860 affects IBM Maximo Asset Management core product versions 7.6.1.2 and 7.6.1.3. The issue is information disclosure via an error message, which could aid further attacks. The IBM Security Bulletin and Red Hat/CNVD-related records confirm the affected versions and classify the CVSS a...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2023-26283)
Summary: IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...
CVE-2022-46774
IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to incorrect default permissions which could give access to a user to actions that they should not have access to. IBM X-Force ID: 242953...
CVE-2022-46774
CVE-2022-46774 affects IBM Maximo Manage application in IBM Maximo Application Suite, specifically MAS versions 8.8.0 and 8.9.0. The root cause is incorrect default permissions that could allow a user to perform actions they should not have access to, leading to an authorization issue. Impact: ac...
Security Bulletin: There is a vulnerability in Eclipse Jetty used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-2047)
Summary: There is a vulnerability in Eclipse Jetty used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2022-2047. DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the HttpUR...
CVE-2022-35645
The CVE-2022-35645 issue affects IBM Maximo Asset Management core product versions 7.6.1.1–7.6.1.3 and IBM Maximo Application Suite versions 8.8–8.9, with stored cross-site scripting in the Web UI that could allow embedding arbitrary JavaScript and potentially disclose credentials in a trusted s...
CVE-2022-43923
IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. IBM X-Force ID: 241584...
CVE-2022-43923
CVE-2022-43923 affects IBM Maximo Application Suite, specifically the Maximo Manage component within MAS versions 8.8.0 and 8.9.0, where potentially sensitive information could be readable by a local user (information disclosure). The Red Hat and IBM security bulletin corroborates the affected p...
CVE-2022-41734
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587...
CVE-2022-41734
CVE-2022-41734 affects IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 (and related MAS Manage components) where remote attackers can obtain sensitive information via detailed browser error messages, enabling information disclosure. The issue is a result of insufficient protection of sensitive da...
CVE-2022-41734 IBM Maximo Asset Management information disclosure
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587...
CVE-2022-35281
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335...
CVE-2022-35281
CVE-2022-35281 affects IBM Maximo Asset Management versions 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Manage in IBM Maximo Application Suite versions 8.3 and 8.4. The issue is described as a CSV injection vulnerability. The Red Hat and IBM bulletins confirm the affected product set and provide remed...
CVE-2022-35281 IBM Maximo Application Suite command injection
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335...
CVE-2022-41732
IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407...
IBM Maximo Asset Management Authentication Error Vulnerability
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines (IBM). The solution enables the management of all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control ov...