11 matches found
CVE-2019-4351
CVE-2019-4351 affects IBM Maximo Anywhere 7.6.4.0, where the application could disclose sensitive information to a user with physical access due to how usernames are stored in local storage (directory names for user attachments). The issue is a local-access information disclosure vulnerability (n...
CVE-2019-4429
CVE-2019-4429 affects IBM Maximo Asset Management core product versions 7.6.0 and 7.6.1. The issue is a cross-site scripting vulnerability in the Web UI, allowing an attacker to embed arbitrary JavaScript code that could alter functionality and potentially disclose credentials within a trusted se...
CVE-2019-4266
CVE-2019-4266 affects IBM Maximo Anywhere versions 7.6.2.x and 7.6.3.x, where the product lacks device jailbreak detection. The root cause is missing jailbreak checks, which could allow an attacker to obtain sensitive information about the device. Affected: IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7...
CVE-2019-4265
Summary (CVE-2019-4265) IBM Maximo Anywhere versions 7.6.0–7.6.3 are affected by an information-disclosure vulnerability due to the product’s lack of device root detection. This weakness could allow an attacker with local access to obtain sensitive information about the device. The issue is docum...
CVE-2019-4349
IBM Maximo Anywhere 7.6.2.x and 7.6.3.x support on deprecated Android OS versions can expose confidentiality and integrity of the service. The vulnerability arises from installing Maximo Anywhere on a non-recommended OS (Android API level 14), with a CVSS base score of 3.5 (LOW). Affected product...
CVE-2019-4352
CVE-2019-4352 affects IBM Maximo Anywhere 7.6.4.0, where the product’s source code could be deobfuscated due to lack of binary obfuscation. The vulnerability’s CVSS details indicate a low-severity impact (C:L, I:N, A:N) with a physical attack vector and no authentication required. IBM’s bulletin ...
CVE-2015-4945
IBM Maximo Anywhere 7.5.1 (Android) contains an unspecified vulnerability that could allow a remote attacker to bypass passcode protections and obtain sensitive information via a crafted application. Affects Maximo Anywhere 7.5.1; remediation available as 7.5.1.2 Interim Fix or Fix Pack via Fix C...
CVE-2019-4291
CVE-2019-4291 affects IBM Maximo Anywhere 7.6.4.0, where lack of binary protection allows reverse engineering of the application due to missing binary obfuscation. Public sources from NVD/IBM/X-Force corroborate a medium-severity issue (CVSS v3.1 base score 6.5; v2 base 6.4) with network access a...
CVE-2017-1604
CVE-2017-1604 affects IBM Maximo Anywhere (7.5.1, 7.5.2, 7.6, 7.6.1, 7.6.2, 7.6.3) where a cross-site scripting flaw in the Web UI allows arbitrary JavaScript execution, potentially disclosing credentials in a trusted session. Root cause: improper input handling in the Web UI. Exploitation/in-the...
CVE-2019-4286
CVE-2019-4286 affects IBM Maximo Anywhere versions 7.6.2.0/7.6.2.1 and 7.6.3.0/7.6.3.1. The issue allows disclosure of highly sensitive user information (e.g., usernames, passwords, session tokens, cookies) to an authenticated user with physical access by exposing data in device/console logs. Aff...
CVE-2019-4288
IBM Maximo Anywhere versions 7.6.2.x and 7.6.3.x are affected by CVE-2019-4288, an information disclosure where an attacker with physical access and authenticated to the device could copy application information via Android Backup. The vulnerability is caused by the product’s handling of backups,...