Lucene search
K
IbmControl Desk

15 matches found

CVE
CVE
added 2019/06/06 12:35 a.m.87 views

CVE-2019-4048

CVE-2019-4048 affects IBM Maximo Asset Management 7.6. The vulnerability allows a physical user to obtain sensitive information from a previous user on the same machine (a back-and-refresh-type information disclosure). Affected core product: Maximo Asset Management 7.6 (and related Industry Solut...

2.1CVSS3.1AI score0.00307EPSS
CVE
CVE
added 2019/06/06 12:35 a.m.76 views

CVE-2019-4056

IBM Maximo Asset Management 7.6 Work Centers' application lacks file type validation during upload, enabling upload of malicious files. Affected product: IBM Maximo Asset Management (core 7.6, with Industry Solutions and IBM Control Desk on top). Root cause: the upload workflow does not validate ...

4.3CVSS4.5AI score0.00863EPSS
CVE
CVE
added 2022/09/13 8:45 p.m.75 views

CVE-2022-22329

IBM Control Desk 7.6.1 is vulnerable because authorization tokens and session cookies lack the secure attribute, allowing cookie values to be captured if a user visits an http link or a link is planted on a site. The issue affects IBM Control Desk 7.6.x (notably 7.6.1). Mitigation documented by I...

4.3CVSS4.2AI score0.00545EPSS
CVE
CVE
added 2019/06/19 1:30 p.m.72 views

CVE-2019-4303

IBM Maximo Asset Management 7.6 is affected by a cross-site scripting vulnerability (CVE-2019-4303) that allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Affected products/versions include Maximo Asset Management core 7.6...

5.4CVSS5.2AI score0.00987EPSS
CVE
CVE
added 2019/06/19 1:30 p.m.72 views

CVE-2019-4364

CVE-2019-4364 affects IBM Maximo Asset Management core product 7.6. The vulnerability is CSV injection that could allow a remote authenticated attacker to execute arbitrary commands on the system. Remediation is provided by IBM Fix Central; affected 7.6 versions include 7.6.1.1 FP, 7.6.0.10 iFix,...

8.5CVSS7.6AI score0.02615EPSS
CVE
CVE
added 2019/06/06 12:35 a.m.70 views

CVE-2018-2028

CVE-2018-2028 affects IBM Maximo Asset Management 7.6. An authenticated user could replace a target page with a phishing site, potentially exposing highly sensitive information (confidentiality impact). The IBM bulletin lists affected core: Maximo Asset Management 7.6 (and related Industry Soluti...

6.5CVSS6AI score0.00784EPSS
CVE
CVE
added 2022/09/13 8:45 p.m.70 views

CVE-2022-22330

CVE-2022-22330 affects IBM Control Desk 7.6.x (notably 7.6.1) and is caused by the HTTPOnly flag not being set on a cookie (BAYEUX_BROWSER). A remote attacker could access cookie data due to this missing flag. IBM’s security bulletin confirms the vulnerability and provides a remediation path: upg...

5.3CVSS4.9AI score0.00726EPSS
CVE
CVE
added 2020/04/17 1:25 p.m.60 views

CVE-2019-4749

CVE-2019-4749 denotes a cross-site scripting vulnerability in IBM Maximo Asset Management 7.6, allowing arbitrary JavaScript in the Web UI and potentially exposing credentials in a trusted session. IBM’s bulletin identifies affected core versions, notably 7.6.1.1, and directs remediation via inte...

5.4CVSS5.2AI score0.00673EPSS
CVE
CVE
added 2019/10/09 3:0 p.m.54 views

CVE-2019-4512

CVE-2019-4512 affects IBM Maximo Asset Management 7.6.1.1. The vulnerability arises from an error message that leaks sensitive information, enabling information disclosure. The IBM Security Bulletin lists affected products (core Maximo Asset Management 7.6.1.1 and related Industry Solutions/Contr...

4.3CVSS4.2AI score0.00994EPSS
CVE
CVE
added 2020/09/16 3:55 p.m.54 views

CVE-2020-4409

The CVE-2020-4409 issue affects IBM Maximo Asset Management core product versions 7.6.0 and 7.6.1, where a remote attacker could conduct phishing via a tabnabbing attack by steering a user to a crafted site and then redirecting to a trusted-appearing malicious page. Root cause is a reverse tabnab...

8.2CVSS7.6AI score0.00893EPSS
CVE
CVE
added 2020/04/17 1:25 p.m.53 views

CVE-2019-4644

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting in the Web UI, allowing injection of arbitrary JavaScript and potentially credential disclosure within a trusted session. Affected core versions include 7.6.0.10, 7.6.1.0, and 7.6.1.1 (with related industry solutions). IBM’s ad...

6.1CVSS5.8AI score0.00872EPSS
CVE
CVE
added 2018/03/27 5:0 p.m.51 views

CVE-2015-5016

CVE-2015-5016 affects IBM Maximo Asset Management family (7.6/7.5/7.1), Maximo Asset Management Essentials (7.5/7.1), plus related IBM products (Control Desk 7.5/7.6; Tivoli Asset Management for IT 7.1/7.2; others). The issue allows a remote authenticated user to bypass access restrictions and re...

4.3CVSS4.2AI score0.00993EPSS
CVE
CVE
added 2020/02/19 3:15 p.m.51 views

CVE-2019-4429

CVE-2019-4429 affects IBM Maximo Asset Management core product versions 7.6.0 and 7.6.1. The issue is a cross-site scripting vulnerability in the Web UI, allowing an attacker to embed arbitrary JavaScript code that could alter functionality and potentially disclose credentials within a trusted se...

5.4CVSS5.2AI score0.00561EPSS
CVE
CVE
added 2020/04/17 1:25 p.m.46 views

CVE-2019-4446

IBM Maximo Asset Management 7.6.x is affected by CVE-2019-4446 through insecure permissions that allow an authenticated user to perform actions by modifying request parameters. Affected core Product versions: 7.6.0, 7.6.1, and 7.6.1.1 (including related Industry Solutions and IBM Control Desk com...

5.5CVSS5.2AI score0.00781EPSS
CVE
CVE
added 2021/05/10 4:20 p.m.44 views

CVE-2021-20559

CVE-2021-20559 affects IBM Control Desk core product versions 7.6.1.2 and 7.6.1.3, where a cross-site scripting (XSS) vulnerability in the Web UI allows embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted session. The issue is documented with CVSSv3.1 ba...

5.4CVSS5.2AI score0.00495EPSS