Lucene search
K
IbmMaximo Anywhere

11 matches found

CVE
CVE
added 2022/02/16 5:0 p.m.60 views

CVE-2019-4351

CVE-2019-4351 affects IBM Maximo Anywhere 7.6.4.0, where the application could disclose sensitive information to a user with physical access due to how usernames are stored in local storage (directory names for user attachments). The issue is a local-access information disclosure vulnerability (n...

4.6CVSS4.1AI score0.00244EPSS
CVE
CVE
added 2020/02/19 3:15 p.m.51 views

CVE-2019-4429

CVE-2019-4429 affects IBM Maximo Asset Management core product versions 7.6.0 and 7.6.1. The issue is a cross-site scripting vulnerability in the Web UI, allowing an attacker to embed arbitrary JavaScript code that could alter functionality and potentially disclose credentials within a trusted se...

5.4CVSS5.2AI score0.00561EPSS
CVE
CVE
added 2020/05/06 1:45 p.m.50 views

CVE-2019-4266

CVE-2019-4266 affects IBM Maximo Anywhere versions 7.6.2.x and 7.6.3.x, where the product lacks device jailbreak detection. The root cause is missing jailbreak checks, which could allow an attacker to obtain sensitive information about the device. Affected: IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7...

2.4CVSS3.4AI score0.00323EPSS
CVE
CVE
added 2019/10/10 2:0 p.m.48 views

CVE-2019-4265

Summary (CVE-2019-4265) IBM Maximo Anywhere versions 7.6.0–7.6.3 are affected by an information-disclosure vulnerability due to the product’s lack of device root detection. This weakness could allow an attacker with local access to obtain sensitive information about the device. The issue is docum...

2.4CVSS3.4AI score0.00366EPSS
CVE
CVE
added 2020/11/03 1:25 p.m.47 views

CVE-2019-4349

IBM Maximo Anywhere 7.6.2.x and 7.6.3.x support on deprecated Android OS versions can expose confidentiality and integrity of the service. The vulnerability arises from installing Maximo Anywhere on a non-recommended OS (Android API level 14), with a CVSS base score of 3.5 (LOW). Affected product...

3.6CVSS3.9AI score0.00326EPSS
CVE
CVE
added 2022/02/16 5:0 p.m.47 views

CVE-2019-4352

CVE-2019-4352 affects IBM Maximo Anywhere 7.6.4.0, where the product’s source code could be deobfuscated due to lack of binary obfuscation. The vulnerability’s CVSS details indicate a low-severity impact (C:L, I:N, A:N) with a physical attack vector and no authentication required. IBM’s bulletin ...

2.4CVSS3.7AI score0.00253EPSS
CVE
CVE
added 2015/07/26 2:0 p.m.46 views

CVE-2015-4945

IBM Maximo Anywhere 7.5.1 (Android) contains an unspecified vulnerability that could allow a remote attacker to bypass passcode protections and obtain sensitive information via a crafted application. Affects Maximo Anywhere 7.5.1; remediation available as 7.5.1.2 Interim Fix or Fix Pack via Fix C...

5CVSS6AI score0.01043EPSS
CVE
CVE
added 2022/02/16 5:0 p.m.46 views

CVE-2019-4291

CVE-2019-4291 affects IBM Maximo Anywhere 7.6.4.0, where lack of binary protection allows reverse engineering of the application due to missing binary obfuscation. Public sources from NVD/IBM/X-Force corroborate a medium-severity issue (CVSS v3.1 base score 6.5; v2 base 6.4) with network access a...

6.5CVSS6.2AI score0.00446EPSS
CVE
CVE
added 2018/02/21 9:0 p.m.43 views

CVE-2017-1604

CVE-2017-1604 affects IBM Maximo Anywhere (7.5.1, 7.5.2, 7.6, 7.6.1, 7.6.2, 7.6.3) where a cross-site scripting flaw in the Web UI allows arbitrary JavaScript execution, potentially disclosing credentials in a trusted session. Root cause: improper input handling in the Web UI. Exploitation/in-the...

5.4CVSS5.2AI score0.00743EPSS
CVE
CVE
added 2020/04/29 1:45 p.m.42 views

CVE-2019-4286

CVE-2019-4286 affects IBM Maximo Anywhere versions 7.6.2.0/7.6.2.1 and 7.6.3.0/7.6.3.1. The issue allows disclosure of highly sensitive user information (e.g., usernames, passwords, session tokens, cookies) to an authenticated user with physical access by exposing data in device/console logs. Aff...

4.3CVSS4AI score0.00339EPSS
CVE
CVE
added 2020/04/29 1:45 p.m.42 views

CVE-2019-4288

IBM Maximo Anywhere versions 7.6.2.x and 7.6.3.x are affected by CVE-2019-4288, an information disclosure where an attacker with physical access and authenticated to the device could copy application information via Android Backup. The vulnerability is caused by the product’s handling of backups,...

4.3CVSS4AI score0.00339EPSS