IBM Maximo Asset Management

182 matches found

CVE, added 2025/01/24 3:38 p.m., 97 views

CVE-2024-45077

CVE-2024-45077 affects IBM Maximo Asset Management 7.6.1.3 via the MXAPIASSET API. The issue is an unrestricted file upload vulnerability that lets an authenticated, low-privilege user upload restricted file types by appending a dot to the end of the filename when Maximo runs on Windows. CVSS v3....

CVSS 6.5, AI score 6.5, EPSS 0.00332

CVE, added 2020/07/29 2:5 p.m., 95 views

CVE-2020-4463

CVE-2020-4463 affects IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2, enabling an XML External Entity (XXE) injection when processing XML data. A remote attacker could disclose sensitive information or cause memory resource consumption. IBM’s bulletin lists fixes for 7.6.x, with 7.6.1.2 (and lat...

CVSS 8.2, AI score 8, EPSS 0.3159
In wild

CVE, added 2022/02/18 5:35 p.m., 93 views

CVE-2021-38935

IBM Maximo Asset Management core product (7.6.1.2 and 7.6.1.1) is vulnerable due to default weak password requirements, enabling easier account compromise. Root cause: absence of strong password enforcement by default. Impact: attacker access to user accounts. Remediation: apply the appropriate F...

CVSS 7.5, AI score 7.3, EPSS 0.01017

CVE, added 2022/05/03 6:20 p.m., 92 views

CVE-2021-29854

CVE-2021-29854 affects IBM Maximo Asset Management core product versions 7.6.1.1 and 7.6.1.2, and the IBM Maximo Manage application in IBM Maximo Application Suite (MAS 8.7-Manage 8.3). Root cause is improper validation of input in HOST headers, enabling HTTP header injection via specially crafte...

CVSS 7.2, AI score 6.7, EPSS 0.01063

CVE, added 2019/06/06 12:35 a.m., 87 views

CVE-2019-4048

CVE-2019-4048 affects IBM Maximo Asset Management 7.6. The vulnerability allows a physical user to obtain sensitive information from a previous user on the same machine (a back-and-refresh-type information disclosure). Affected core product: Maximo Asset Management 7.6 (and related Industry Solut...

CVSS 2.1, AI score 3.1, EPSS 0.00307

CVE, added 2025/01/19 2:42 a.m., 87 views

CVE-2024-45652

The CVE-2024-45652 issue affects IBM Maximo Asset Management MXAPIASSET API 7.6.1.3. A remote attacker can perform directory traversal by sending URLs containing dot-dot sequences (/../), enabling viewing of arbitrary files on the system. Multiple sources confirm the affected product/version and ...

CVSS 7.5, AI score 6.4, EPSS 0.00763

CVE, added 2022/04/21 4:35 p.m., 86 views

CVE-2022-22435

IBM Maximo Asset Management and the Maximo Manage application in IBM Maximo Application Suite are affected by CVE-2022-22435 (XSS). The issue allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Affected versions include Maxi...

CVSS 5.4, AI score 5.2, EPSS 0.00448

CVE, added 2023/03/02 8:14 p.m., 81 views

CVE-2022-35645

The CVE-2022-35645 issue affects IBM Maximo Asset Management core products versions 7.6.1.1–7.6.1.3 and IBM Maximo Application Suite versions 8.8–8.9, with stored cross-site scripting in the Web UI that could allow embedding arbitrary JavaScript and potentially disclose credentials in a trusted s...

CVSS 6.4, AI score 5.3, EPSS 0.00493

CVE, added 2021/05/19 7:40 p.m., 78 views

CVE-2021-20374

IBM Maximo Asset Management 7.6.0 and 7.6.1 are vulnerable to a stored cross-site scripting (XSS) flaw in the Web UI that could allow embedding arbitrary JavaScript and, in a trusted session, potentially disclose credentials. Remediation is to upgrade to a fixed release via Fix Central. For Maxim...

CVSS 6.5, AI score 5.2, EPSS 0.00515

CVE, added 2019/06/06 12:35 a.m., 76 views

CVE-2019-4056

IBM Maximo Asset Management 7.6 Work Centers' application lacks file type validation during upload, enabling upload of malicious files. Affected product: IBM Maximo Asset Management (core 7.6, with Industry Solutions and IBM Control Desk on top). Root cause: the upload workflow does not validate ...

CVSS 4.3, AI score 4.5, EPSS 0.00863

CVE, added 2025/04/21 11:24 p.m., 76 views

CVE-2025-2987

IBM Maximo Asset Management 7.6.1.3 is vulnerable to Server-Side Request Forgery (SSRF). An authenticated attacker may cause the system to issue unauthorized requests, potentially enabling network enumeration or other attacks. The IBM security bulletin assigns CVE-2025-2987 with a CVSS v3.1 base ...

CVSS 5.4, AI score 4, EPSS 0.00178

CVE, added 2019/06/19 1:30 p.m., 72 views

CVE-2019-4303

IBM Maximo Asset Management 7.6 is affected by a cross-site scripting vulnerability (CVE-2019-4303) that allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Affected products/versions include Maximo Asset Management core 7.6...

CVSS 5.4, AI score 5.2, EPSS 0.00987

CVE, added 2019/06/19 1:30 p.m., 72 views

CVE-2019-4364

CVE-2019-4364 affects IBM Maximo Asset Management core product 7.6. The vulnerability is CSV injection that could allow a remote authenticated attacker to execute arbitrary commands on the system. Remediation is provided by IBM Fix Central; affected 7.6 versions include 7.6.1.1 FP, 7.6.0.10 iFix,...

CVSS 8.5, AI score 7.6, EPSS 0.02615

CVE, added 2022/09/14 4:20 p.m., 72 views

CVE-2021-38924

Summary of CVE-2021-38924 (IBM Maximo Asset Management) : IBM Maximo Asset Management and the IBM Maximo Manage application in the Maximo Application Suite are affected by an information-disclosure vulnerability. A remote attacker could obtain sensitive information when a detailed technical error...

CVSS 7.5, AI score 7, EPSS 0.00825

CVE, added 2019/06/06 12:35 a.m., 70 views

CVE-2018-2028

CVE-2018-2028 affects IBM Maximo Asset Management 7.6. An authenticated user could replace a target page with a phishing site, potentially exposing highly sensitive information (confidentiality impact). The IBM bulletin lists affected core: Maximo Asset Management 7.6 (and related Industry Soluti...

CVSS 6.5, AI score 6, EPSS 0.00784

CVE, added 2023/05/05 6:20 p.m., 70 views

CVE-2022-43866

CVE-2022-43866 affects IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3, with a cross-site scripting flaw arising from insufficient filtering/escaping of user-supplied data in the Web UI, potentially enabling arbitrary JavaScript execution and credential disclosure within a trusted session. Affect...

CVSS 5.4, AI score 5.2, EPSS 0.00371

CVE, added 2023/01/06 4:50 p.m., 69 views

CVE-2022-35281

CVE-2022-35281 affects IBM Maximo Asset Management versions 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Manage in IBM Maximo Application Suite versions 8.3 and 8.4. The issue is described as CSV injection vulnerability. The Red Hat and IBM bulletins confirm the affected product set and provide remed...

CVSS 8.8, AI score 7, EPSS 0.00505

CVE, added 2024/02/02 1:55 a.m., 69 views

CVE-2023-32333

CVE-2023-32333 affects IBM Maximo Asset Management 7.6.1.3. The issue is an improper access-control flaw that could let a remote attacker log into the admin panel, with the potential for unauthorized admin access. The vulnerability is rated highly by NVD (CVSS v3.1: 9.8 / CRITICAL) and is acknowl...

CVSS 9.8, AI score 8.9, EPSS 0.00545

CVE, added 2025/04/25 11:7 a.m., 69 views

CVE-2025-2986

IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting due to insufficient filtering/escaping of user-supplied data in the Web UI, enabling a privileged user to embed arbitrary JavaScript and potentially causing credential disclosure within a trusted session. Affected pr...

CVSS 5.5, AI score 5.2, EPSS 0.0018

CVE, added 2019/10/24 12:0 p.m., 68 views

CVE-2019-4486

CVE-2019-4486 affects IBM Maximo Asset Management 7.6. The vulnerability is a cross-site scripting flaw that allows embedding arbitrary JavaScript in the Web UI, potentially leading to credential disclosure within a trusted session. Affected core version: Maximo Asset Management 7.6, with likely ...

CVSS 5.4, AI score 5.2, EPSS 0.00673

CVE, added 2023/09/08 7:55 p.m., 68 views

CVE-2023-32332

CVE-2023-32332 affects IBM Maximo Application Suite (MAS) versions 8.9–8.10 and IBM Maximo Asset Management (MAM) 7.6.1.2–7.6.1.3, vulnerable to HTML injection that could allow a remote attacker to cause HTML/JS execution in the browser under the hosting site’s security context. The Red Hat/IBM a...

CVSS 5.4, AI score 5.5, EPSS 0.00493

CVE, added 2024/11/11 4:1 p.m., 68 views

CVE-2024-45088

CVE-2024-45088 affects IBM Maximo Asset Management 7.6.1.3 and is a stored cross-site scripting vulnerability. According to IBM and Red Hat sources, authenticated users can inject arbitrary JavaScript into the Maximo Web UI, potentially altering functionality and leading to credentials disclosure...

CVSS 6.4, AI score 5.5, EPSS 0.00227

CVE, added 2022/04/21 4:35 p.m., 66 views

CVE-2022-22436

Summary: CVE-2022-22436 affects IBM Maximo Asset Management components (7.6.1.2; 7.6.1.1 per IBM bulletin) and IBM Maximo Manage in IBM Maximo Application Suite. Vulnerability type & impact: cross-site scripting in the Web UI could allow an attacker to embed arbitrary JavaScript, potentially caus...

CVSS 5.4, AI score 5.2, EPSS 0.00448

CVE, added 2020/02/18 4:3 p.m., 64 views

CVE-2013-3323

Summary: CVE-2013-3323 describes a privilege escalation in IBM Maximo Asset Management (versions 7.5, 7.1, and 6.2) when WebSeal with Basic Authentication is used. The root cause is a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. Th...

CVSS 9.8, AI score 9.2, EPSS 0.02798

CVE, added 2014/05/26 4:0 p.m., 64 views

CVE-2013-5465

CVE-2013-5465 concerns IBM Maximo and related Tivoli/SmartCloud products where uploads permit invalid file types due to inadequate input validation. The issue affects multiple versions across Maximo Asset Management (7.5, 7.1, 6.2), Maximo Asset Management Essentials, Maximo variants for Governme...

CVSS 6.5, AI score 6.5, EPSS 0.01231

CVE, added 2013/02/20 11:0 a.m., 63 views

CVE-2012-3322

CVE-2012-3322 is an XSS vulnerability described across multiple IBM Maximo-related products (Maximo Asset Management 6.2–7.5, Essentials 6.2–7.5, TAM for IT 6.2–7.2, Service Request Manager 7.1–7.2, Service Desk 6.2, CCMDB 7.1–7.2, SmartCloud Control Desk 7.5). It allows remote authenticated user...

CVSS 3.5, AI score 5.3, EPSS 0.00936

CVE, added 2015/02/17 1:0 a.m., 63 views

CVE-2014-6102

CVE-2014-6102 affects IBM Maximo Asset Management and related products, where improper logout handling allows a local user to bypass Cognos BI Direct Integration access controls via an unattended workstation. Affected versions include Maximo Asset Management 7.1–7.1.1.13 and 7.5.0 up to 7.5.0.6 (...

CVSS 2.1, AI score 6.8, EPSS 0.00486

CVE, added 2017/05/26 4:0 p.m., 63 views

CVE-2017-1292

IBM Maximo Asset Management 7.5 and 7.6 are affected by a vulnerability described across multiple sources (NVD, CNVD, CVE listings) where error messages disclose sensitive information. The issue is a sensitive information disclosure vulnerability in the product’s messaging, potentially enabling a...

CVSS 5.3, AI score 5, EPSS 0.00862

CVE, added 2024/06/13 1:55 p.m., 63 views

CVE-2024-22333

CVE-2024-22333 affects IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10–8.11. The vulnerability enables storing web pages locally on the system, which can be read by another user (information disclosure). The IBM advisories and Red Hat/RH-enriched sources confirm the affe...

CVSS 3.3, AI score 3.2, EPSS 0.0018

CVE, added 2012/03/13 1:0 a.m., 62 views

CVE-2011-4819

CVE-2011-4819 is an IBM Maximo Asset Management/Asset Management Essentials issue describing multiple cross-site scripting (XSS) vulnerabilities in versions 6.2, 7.1, and 7.5. The flaw allows remote attackers to inject arbitrary script/HTML via the uisesionid parameter to maximo.jsp or the defaul...

CVSS 4.3, AI score 5.8, EPSS 0.01161
Web

CVE, added 2017/04/24 6:12 a.m., 62 views

CVE-2015-0107

CVE-2015-0107 is a directory traversal vulnerability in IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database (7.2, 7.1) and Maximo Asset Management and Maximo Industry Solutions (7.1–7.1.1.8, 7.2; 7.5 before 7.5.0.7 IFIX003; 7.6 befor...

CVSS 6.5, AI score 6.6, EPSS 0.05956

CVE, added 2022/08/26 5:25 p.m., 62 views

CVE-2022-35714

IBM Maximo Asset Management 7.6.x is affected by CVE-2022-35714, a cross-site scripting vulnerability in the Web UI that could allow an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trusted session. The IBM Security Bulletin (CVE-2022-35714) specifies affect...

CVSS 5.4, AI score 5.2, EPSS 0.00398

CVE, added 2023/04/27 6:59 p.m., 62 views

CVE-2023-27860

CVE-2023-27860 affects IBM Maximo Asset Management core product versions 7.6.1.2 and 7.6.1.3. The issue is information disclosure via an error message, which could aid further attacks. The IBM Security Bulletin and Red Hat/CNVD-related records confirm the affected versions and classify the CVSS a...

CVSS 5.3, AI score 4.9, EPSS 0.00527

CVE, added 2013/10/01 10:0 a.m., 61 views

CVE-2013-3049

CVE-2013-3049 affects IBM Maximo Asset Management and related IBM Tivoli/SmartCloud products. The vulnerability is a security bypass that could allow remote authenticated users to bypass intended access restrictions via unspecified vectors (a different issue from CVE-2013-3971). NVD records a CVS...

CVSS 4, AI score 6.2, EPSS 0.01115

CVE, added 2014/08/29 10:0 a.m., 61 views

CVE-2014-3024

CVE-2014-3024 is a CSRF vulnerability in IBM Maximo Asset Management and related SmartCloud Control Desk components. Affected products/versions include Maximo Asset Management 7.1, 7.1.1.12; 7.5, 7.5.0.x (including 7.5.0.3 through 7.5.0.6) and 7.5.1.x (through 7.5.1.2); plus SmartCloud Control De...

CVSS 6, AI score 6.9, EPSS 0.00796

CVE, added 2017/04/24 6:12 a.m., 61 views

CVE-2015-0104

CVE-2015-0104 affects IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database (7.2, 7.1) and Maximo Asset Management/Maximo Industry Solutions (7.1–7.1.1.8, 7.5 before 7.5.0.7 IFIX003, 7.6 before 7.6.0.0 IFIX002). The issue is a Remote C...

CVSS 8.8, AI score 8.6, EPSS 0.06849
Web

CVE, added 2019/11/20 4:16 p.m., 61 views

CVE-2019-4530

CVE-2019-4530 concerns IBM Maximo Asset Management versions 7.6, 7.6.1, and 7.6.1.1, where an authenticated user could delete a record they should not normally be able to. The IBM security bulletin documents a privilege-escalation issue tied to DELETE access on MXAPIWODETAIL; images show affected...

CVSS 6.5, AI score 6.1, EPSS 0.00722

CVE, added 2023/04/28 5:1 p.m., 61 views

CVE-2023-27864

CVE-2023-27864 – IBM Maximo Asset Management HTML injection affects IBM Maximo Asset Management core product versions 7.6.1.2 and 7.6.1.3. The issue allows a remote attacker to inject malicious HTML that is rendered in the victim’s browser within the hosting site’s security context. CVSS base sco...

CVSS 5.4, AI score 5.5, EPSS 0.00477

CVE, added 2012/09/10 5:0 p.m., 60 views

CVE-2012-0714

IBM Maximo-related CVE-2012-0714 is a Cross-Site Request Forgery affecting Maximo Asset Management 6.2–7.5 (and related IBM products such as SmartCloud Control Desk, Tivoli AIT, Tivoli Service Request Manager, Maximo Service Desk, and CCMDB). The IBM bulletin confirms the root cause as CSRF that ...

CVSS 6.8, AI score 7.2, EPSS 0.01047

CVE, added 2013/02/20 11:0 a.m., 60 views

CVE-2012-3316

Technical details about CVE-2012-3316 are not publicly available in the provided documents. Monitor for updates from official sources for affected products, versions, and fixes.

CVSS 3.5, AI score 5.4, EPSS 0.00936

CVE, added 2014/05/26 4:0 p.m., 60 views

CVE-2014-0824

CVE-2014-0824 is an XSS vulnerability in IBM Maximo Asset Management 7.x (and related Tivoli/CMDB components) where remote authenticated users can inject arbitrary web script or HTML via an attachment URL. Connected IBM advisories map affected releases to specific APARs (IV52829, IV41871, IV46511...

CVSS 3.5, AI score 5.4, EPSS 0.00936

CVE, added 2016/01/02 9:0 p.m., 60 views

CVE-2015-7452

IBM Maximo Asset Management (versions 7.6 and 7.5, including related Maximo variants and SmartCloud Control Desk) has a vulnerability that could allow remote authenticated users to obtain sensitive information via the REST API. The issue is documented with CVSS v3 base score 4.3 (LOW). Affected p...

CVSS 4.3, AI score 4.2, EPSS 0.00888

CVE, added 2017/03/07 5:0 p.m., 60 views

CVE-2017-1124

CVE-2017-1124 affects IBM Maximo Asset Management core versions 7.6, 7.5 and 7.1 (and Maximo Asset Management Essentials) plus affected IBM Industry Solutions and Control Desk products when installed on a vulnerable core. Root cause: HTTP header injection enabling local information disclosure by ...

CVSS 2.9, AI score 3.5, EPSS 0.00297

CVE, added 2020/04/17 1:25 p.m., 60 views

CVE-2019-4749

CVE-2019-4749 denotes a cross-site scripting vulnerability in IBM Maximo Asset Management 7.6, allowing arbitrary JavaScript in the Web UI and potentially exposing credentials in a trusted session. IBM’s bulletin identifies affected core versions, notably 7.6.1.1, and directs remediation via inte...

CVSS 5.4, AI score 5.2, EPSS 0.00673

CVE, added 2016/01/03 2:0 a.m., 59 views

CVE-2015-5051

CVE-2015-5051 affects IBM Maximo Asset Management and SmartCloud Control Desk, where an authenticated remote user can bypass access controls to view query results, as described by IBM/NVD entries. Affected: Maximo Asset Management 7.6 and 7.5 (with specific IFs: 7.6.0.2 IF1; 7.5.0.8 IF6; also 7.5...

CVSS 4.3, AI score 4.3, EPSS 0.00935

CVE, added 2017/05/26 4:0 p.m., 59 views

CVE-2017-1291

IBM Maximo Asset Management 7.5 and 7.6 are vulnerable to HTTP response splitting via specially-crafted URLs, enabling potential web cache poisoning and cross-site scripting. Affected products include the core Maximo Asset Management 7.5/7.6 and related Industry Solutions and IBM Control Desk pro...

CVSS 5.4, AI score 5.4, EPSS 0.00615

CVE, added 2020/06/08 12:55 p.m., 59 views

CVE-2020-4529

CVE-2020-4529 affects IBM Maximo Asset Management core versions 7.6.0 and 7.6.1 and is a server-side request forgery (SSRF) vulnerability. The IBM bulletin describes an authenticated attacker may cause the system to make unauthorized outbound requests, enabling network enumeration or related atta...

CVSS 7.4, AI score 7.1, EPSS 0.00821

CVE, added 2012/03/13 1:0 a.m., 58 views

CVE-2012-0195

CVE-2012-0195 is a documented XSS vulnerability in the Start Center Layout and Configuration component across IBM Maximo Asset Management and Asset Management Essentials (6.2, 7.1, 7.5), IBM Tivoli Asset Management for IT (6.2, 7.1, 7.2), IBM Tivoli Service Request Manager (7.1, 7.2), IBM Maximo ...

CVSS 4.3, AI score 5.8, EPSS 0.01951

CVE, added 2013/10/01 10:0 a.m., 58 views

CVE-2013-5382

CVE-2013-5382 affects IBM Maximo Asset Management family (6.2–6.2.8, 7.1 before 7.1.1.12, 7.5 before 7.5.0.5). The vulnerability allows remote authenticated users to gain privileges via unspecified vectors (distinct from CVE-2013-5383). IBM’s vendor bulletin lists multiple APARs tied to this CVE ...

CVSS 4, AI score 6.5, EPSS 0.01094

CVE, added 2014/07/30 10:0 a.m., 58 views

CVE-2014-0914

CVE-2014-0914 is an IBM Maximo XSS vulnerability affecting multiple Maximo products and versions (e.g., Maximo Asset Management 7.5 and 6.2; Essentials, Government, Nuclear Power, Transportation, Life Sciences, Oil and Gas, Utilities; Tivoli Asset Management for IT; SmartCloud Control Desk; Maxim...

CVSS 3.5, AI score 5.4, EPSS 0.0107

Total number of security vulnerabilities: 182