CVE-2024-45077
CVE-2024-45077 affects IBM Maximo Asset Management 7.6.1.3 via the MXAPIASSET API. The issue is an unrestricted file upload vulnerability that lets an authenticated, low-privilege user upload restricted file types by appending a dot to the end of the filename when Maximo runs on Windows. CVSS v3....
CVE-2020-4463
CVE-2020-4463 affects IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2, enabling an XML External Entity (XXE) injection when processing XML data. A remote attacker could disclose sensitive information or cause memory resource consumption. IBM’s bulletin lists fixes for 7.6.x, with 7.6.1.2 (and lat...
CVE-2021-38935
IBM Maximo Asset Management core product (7.6.1.2 and 7.6.1.1) is vulnerable due to default weak password requirements, enabling easier account compromise. Root cause: absence of strong password enforcement by default. Impact: attacker access to user accounts. Remediation: apply the appropriate F...
CVE-2021-29854
CVE-2021-29854 affects IBM Maximo Asset Management core product versions 7.6.1.1 and 7.6.1.2, and the IBM Maximo Manage application in IBM Maximo Application Suite (MAS 8.7-Manage 8.3). Root cause is improper validation of input in HOST headers, enabling HTTP header injection via specially crafte...
CVE-2019-4048
CVE-2019-4048 affects IBM Maximo Asset Management 7.6. The vulnerability allows a physical user to obtain sensitive information from a previous user on the same machine (a back-and-refresh-type information disclosure). Affected core product: Maximo Asset Management 7.6 (and related Industry Solut...
CVE-2024-45652
The CVE-2024-45652 issue affects IBM Maximo Asset Management MXAPIASSET API 7.6.1.3. A remote attacker can perform directory traversal by sending URLs containing dot-dot sequences (/../), enabling viewing of arbitrary files on the system. Multiple sources confirm the affected product/version and ...
CVE-2022-22435
IBM Maximo Asset Management and the Maximo Manage application in IBM Maximo Application Suite are affected by CVE-2022-22435 (XSS). The issue allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Affected versions include Maxi...
CVE-2022-35645
The CVE-2022-35645 issue affects IBM Maximo Asset Management core products versions 7.6.1.1–7.6.1.3 and IBM Maximo Application Suite versions 8.8–8.9, with stored cross-site scripting in the Web UI that could allow embedding arbitrary JavaScript and potentially disclose credentials in a trusted s...
CVE-2021-20374
IBM Maximo Asset Management 7.6.0 and 7.6.1 are vulnerable to a stored cross-site scripting (XSS) flaw in the Web UI that could allow embedding arbitrary JavaScript and, in a trusted session, potentially disclose credentials. Remediation is to upgrade to a fixed release via Fix Central. For Maxim...
CVE-2019-4056
IBM Maximo Asset Management 7.6 Work Centers' application lacks file type validation during upload, enabling upload of malicious files. Affected product: IBM Maximo Asset Management (core 7.6, with Industry Solutions and IBM Control Desk on top). Root cause: the upload workflow does not validate ...
CVE-2025-2987
IBM Maximo Asset Management 7.6.1.3 is vulnerable to Server-Side Request Forgery (SSRF). An authenticated attacker may cause the system to issue unauthorized requests, potentially enabling network enumeration or other attacks. The IBM security bulletin assigns CVE-2025-2987 with a CVSS v3.1 base ...
CVE-2019-4303
IBM Maximo Asset Management 7.6 is affected by a cross-site scripting vulnerability (CVE-2019-4303) that allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Affected products/versions include Maximo Asset Management core 7.6...
CVE-2019-4364
CVE-2019-4364 affects IBM Maximo Asset Management core product 7.6. The vulnerability is CSV injection that could allow a remote authenticated attacker to execute arbitrary commands on the system. Remediation is provided by IBM Fix Central; affected 7.6 versions include 7.6.1.1 FP, 7.6.0.10 iFix,...
CVE-2021-38924
Summary of CVE-2021-38924 (IBM Maximo Asset Management): IBM Maximo Asset Management and the IBM Maximo Manage application in the Maximo Application Suite are affected by an information-disclosure vulnerability. A remote attacker could obtain sensitive information when a detailed technical error...
CVE-2018-2028
CVE-2018-2028 affects IBM Maximo Asset Management 7.6. An authenticated user could replace a target page with a phishing site, potentially exposing highly sensitive information (confidentiality impact). The IBM bulletin lists affected core: Maximo Asset Management 7.6 (and related Industry Soluti...
CVE-2022-43866
CVE-2022-43866 affects IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3, with a cross-site scripting flaw arising from insufficient filtering/escaping of user-supplied data in the Web UI, potentially enabling arbitrary JavaScript execution and credential disclosure within a trusted session. Affect...
CVE-2022-35281
CVE-2022-35281 affects IBM Maximo Asset Management versions 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Manage in IBM Maximo Application Suite versions 8.3 and 8.4. The issue is described as CSV injection vulnerability. The Red Hat and IBM bulletins confirm the affected product set and provide remed...
CVE-2023-32333
CVE-2023-32333 affects IBM Maximo Asset Management 7.6.1.3. The issue is an improper access-control flaw that could let a remote attacker log into the admin panel, with the potential for unauthorized admin access. The vulnerability is rated highly by NVD (CVSS v3.1: 9.8 / CRITICAL) and is acknowl...
CVE-2025-2986
IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting due to insufficient filtering/escaping of user-supplied data in the Web UI, enabling a privileged user to embed arbitrary JavaScript and potentially causing credential disclosure within a trusted session. Affected pr...
CVE-2019-4486
CVE-2019-4486 affects IBM Maximo Asset Management 7.6. The vulnerability is a cross-site scripting flaw that allows embedding arbitrary JavaScript in the Web UI, potentially leading to credential disclosure within a trusted session. Affected core version: Maximo Asset Management 7.6, with likely ...
CVE-2023-32332
CVE-2023-32332 affects IBM Maximo Application Suite (MAS) versions 8.9–8.10 and IBM Maximo Asset Management (MAM) 7.6.1.2–7.6.1.3, vulnerable to HTML injection that could allow a remote attacker to cause HTML/JS execution in the browser under the hosting site’s security context. The Red Hat/IBM a...
CVE-2024-45088
CVE-2024-45088 affects IBM Maximo Asset Management 7.6.1.3 and is a stored cross-site scripting vulnerability. According to IBM and Red Hat sources, authenticated users can inject arbitrary JavaScript into the Maximo Web UI, potentially altering functionality and leading to credentials disclosure...
CVE-2022-22436
Summary: CVE-2022-22436 affects IBM Maximo Asset Management components (7.6.1.2; 7.6.1.1 per IBM bulletin) and IBM Maximo Manage in IBM Maximo Application Suite. Vulnerability type & impact: cross-site scripting in the Web UI could allow an attacker to embed arbitrary JavaScript, potentially caus...
CVE-2013-3323
Summary: CVE-2013-3323 describes a privilege escalation in IBM Maximo Asset Management (versions 7.5, 7.1, and 6.2) when WebSeal with Basic Authentication is used. The root cause is a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. Th...
CVE-2013-5465
CVE-2013-5465 concerns IBM Maximo and related Tivoli/SmartCloud products where uploads permit invalid file types due to inadequate input validation. The issue affects multiple versions across Maximo Asset Management (7.5, 7.1, 6.2), Maximo Asset Management Essentials, Maximo variants for Governme...
CVE-2012-3322
CVE-2012-3322 is an XSS vulnerability described across multiple IBM Maximo-related products (Maximo Asset Management 6.2–7.5, Essentials 6.2–7.5, TAM for IT 6.2–7.2, Service Request Manager 7.1–7.2, Service Desk 6.2, CCMDB 7.1–7.2, SmartCloud Control Desk 7.5). It allows remote authenticated user...
CVE-2014-6102
CVE-2014-6102 affects IBM Maximo Asset Management and related products, where improper logout handling allows a local user to bypass Cognos BI Direct Integration access controls via an unattended workstation. Affected versions include Maximo Asset Management 7.1–7.1.1.13 and 7.5.0 up to 7.5.0.6 (...
CVE-2017-1292
IBM Maximo Asset Management 7.5 and 7.6 are affected by a vulnerability described across multiple sources (NVD, CNVD, CVE listings) where error messages disclose sensitive information. The issue is a sensitive information disclosure vulnerability in the product’s messaging, potentially enabling a...
CVE-2024-22333
CVE-2024-22333 affects IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10–8.11. The vulnerability enables storing web pages locally on the system, which can be read by another user (information disclosure). The IBM advisories and Red Hat/RH-enriched sources confirm the affe...
CVE-2011-4819
CVE-2011-4819 is an IBM Maximo Asset Management/Asset Management Essentials issue describing multiple cross-site scripting (XSS) vulnerabilities in versions 6.2, 7.1, and 7.5. The flaw allows remote attackers to inject arbitrary script/HTML via the uisesionid parameter to maximo.jsp or the defaul...
CVE-2015-0107
CVE-2015-0107 is a directory traversal vulnerability in IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database (7.2, 7.1) and Maximo Asset Management and Maximo Industry Solutions (7.1–7.1.1.8, 7.2; 7.5 before 7.5.0.7 IFIX003; 7.6 befor...
CVE-2022-35714
IBM Maximo Asset Management 7.6.x is affected by CVE-2022-35714, a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trusted session. The IBM Security Bulletin (CVE-2022-35714) specifies affect...
CVE-2023-27860
CVE-2023-27860 affects IBM Maximo Asset Management core product versions 7.6.1.2 and 7.6.1.3. The issue is information disclosure via an error message, which could aid further attacks. The IBM Security Bulletin and Red Hat/CNVD-related records confirm the affected versions and classify the CVSS a...
CVE-2013-3049
CVE-2013-3049 affects IBM Maximo Asset Management and related IBM Tivoli/SmartCloud products. The vulnerability is a security bypass that could allow remote authenticated users to bypass intended access restrictions via unspecified vectors (a different issue from CVE-2013-3971). NVD records a CVS...
CVE-2014-3024
CVE-2014-3024 is a CSRF vulnerability in IBM Maximo Asset Management and related SmartCloud Control Desk components. Affected products/versions include Maximo Asset Management 7.1, 7.1.1.12; 7.5, 7.5.0.x (including 7.5.0.3 through 7.5.0.6) and 7.5.1.x (through 7.5.1.2); plus SmartCloud Control De...
CVE-2015-0104
CVE-2015-0104 affects IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database (7.2, 7.1) and Maximo Asset Management/Maximo Industry Solutions (7.1–7.1.1.8, 7.5 before 7.5.0.7 IFIX003, 7.6 before 7.6.0.0 IFIX002). The issue is a Remote C...
CVE-2019-4530
CVE-2019-4530 concerns IBM Maximo Asset Management versions 7.6, 7.6.1, and 7.6.1.1, where an authenticated user could delete a record they should not normally be able to. The IBM security bulletin documents a privilege-escalation issue tied to DELETE access on MXAPIWODETAIL; images show affected...
CVE-2023-27864
CVE-2023-27864 – IBM Maximo Asset Management HTML injection affects IBM Maximo Asset Management core product versions 7.6.1.2 and 7.6.1.3. The issue allows a remote attacker to inject malicious HTML that is rendered in the victim’s browser within the hosting site’s security context. CVSS base sco...
CVE-2012-0714
IBM Maximo-related CVE-2012-0714 is a Cross-Site Request Forgery affecting Maximo Asset Management 6.2–7.5 (and related IBM products such as SmartCloud Control Desk, Tivoli AIT, Tivoli Service Request Manager, Maximo Service Desk, and CCMDB). The IBM bulletin confirms the root cause as CSRF that ...
CVE-2012-3316
Technical details about CVE-2012-3316 are not publicly available in the provided documents. Monitor for updates from official sources for affected products, versions, and fixes.
CVE-2014-0824
CVE-2014-0824 is an XSS vulnerability in IBM Maximo Asset Management 7.x (and related Tivoli/CMDB components) where remote authenticated users can inject arbitrary web script or HTML via an attachment URL. Connected IBM advisories map affected releases to specific APARs (IV52829, IV41871, IV46511...
CVE-2015-7452
IBM Maximo Asset Management (versions 7.6 and 7.5, including related Maximo variants and SmartCloud Control Desk) has a vulnerability that could allow remote authenticated users to obtain sensitive information via the REST API. The issue is documented with CVSS v3 base score 4.3 (LOW). Affected p...
CVE-2017-1124
CVE-2017-1124 affects IBM Maximo Asset Management core versions 7.6, 7.5 and 7.1 (and Maximo Asset Management Essentials) plus affected IBM Industry Solutions and Control Desk products when installed on a vulnerable core. Root cause: HTTP header injection enabling local information disclosure by ...
CVE-2019-4749
CVE-2019-4749 denotes a cross-site scripting vulnerability in IBM Maximo Asset Management 7.6, allowing arbitrary JavaScript in the Web UI and potentially exposing credentials in a trusted session. IBM’s bulletin identifies affected core versions, notably 7.6.1.1, and directs remediation via inte...
CVE-2015-5051
CVE-2015-5051 affects IBM Maximo Asset Management and SmartCloud Control Desk, where an authenticated remote user can bypass access controls to view query results, as described by IBM/NVD entries. Affected: Maximo Asset Management 7.6 and 7.5 (with specific IFs: 7.6.0.2 IF1; 7.5.0.8 IF6; also 7.5...
CVE-2017-1291
IBM Maximo Asset Management 7.5 and 7.6 are vulnerable to HTTP response splitting via specially-crafted URLs, enabling potential web cache poisoning and cross-site scripting. Affected products include the core Maximo Asset Management 7.5/7.6 and related Industry Solutions and IBM Control Desk pro...
CVE-2020-4529
CVE-2020-4529 affects IBM Maximo Asset Management core versions 7.6.0 and 7.6.1 and is a server-side request forgery (SSRF) vulnerability. The IBM bulletin describes that an authenticated attacker may cause the system to make unauthorized outbound requests, enabling network enumeration or related atta...
CVE-2012-0195
CVE-2012-0195 is a documented XSS vulnerability in the Start Center Layout and Configuration component across IBM Maximo Asset Management and Asset Management Essentials (6.2, 7.1, 7.5), IBM Tivoli Asset Management for IT (6.2, 7.1, 7.2), IBM Tivoli Service Request Manager (7.1, 7.2), IBM Maximo ...
CVE-2013-5382
CVE-2013-5382 affects IBM Maximo Asset Management family (6.2–6.2.8, 7.1 before 7.1.1.12, 7.5 before 7.5.0.5). The vulnerability allows remote authenticated users to gain privileges via unspecified vectors (distinct from CVE-2013-5383). IBM’s vendor bulletin lists multiple APARs tied to this CVE ...
CVE-2014-0914
CVE-2014-0914 is an IBM Maximo XSS vulnerability affecting multiple Maximo products and versions (e.g., Maximo Asset Management 7.5 and 6.2; Essentials, Government, Nuclear Power, Transportation, Life Sciences, Oil and Gas, Utilities; Tivoli Asset Management for IT; SmartCloud Control Desk; Maxim...