Lucene search
K
IbmMaximo Asset Management Essentials

51 matches found

CVE
CVE
added 2020/02/18 4:3 p.m.64 views

CVE-2013-3323

Summary: CVE-2013-3323 describes a privilege escalation in IBM Maximo Asset Management (versions 7.5, 7.1, and 6.2) when WebSeal with Basic Authentication is used. The root cause is a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. Th...

9.8CVSS9.2AI score0.02868EPSS
CVE
CVE
added 2013/02/20 11:0 a.m.63 views

CVE-2012-3322

CVE-2012-3322 is an XSS vulnerability described across multiple IBM Maximo-related products (Maximo Asset Management 6.2–7.5, Essentials 6.2–7.5, TAM for IT 6.2–7.2, Service Request Manager 7.1–7.2, Service Desk 6.2, CCMDB 7.1–7.2, SmartCloud Control Desk 7.5). It allows remote authenticated user...

3.5CVSS5.3AI score0.00936EPSS
CVE
CVE
added 2015/02/17 1:0 a.m.63 views

CVE-2014-6102

CVE-2014-6102 affects IBM Maximo Asset Management and related products, where improper logout handling allows a local user to bypass Cognos BI Direct Integration access controls via an unattended workstation. Affected versions include Maximo Asset Management 7.1–7.1.1.13 and 7.5.0 up to 7.5.0.6 (...

2.1CVSS6.8AI score0.00486EPSS
CVE
CVE
added 2017/04/24 6:12 a.m.63 views

CVE-2015-0107

CVE-2015-0107 is a directory traversal vulnerability in IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database (7.2, 7.1) and Maximo Asset Management and Maximo Industry Solutions (7.1–7.1.1.8, 7.2; 7.5 before 7.5.0.7 IFIX003; 7.6 befor...

6.5CVSS6.6AI score0.05956EPSS
CVE
CVE
added 2017/05/26 4:0 p.m.63 views

CVE-2017-1292

IBM Maximo Asset Management 7.5 and 7.6 are affected by a vulnerability described across multiple sources (NVD, CNVD, CVE listings) where error messages disclose sensitive information. The issue is a sensitive information disclosure vulnerability in the product’s messaging, potentially enabling a...

5.3CVSS5AI score0.00862EPSS
CVE
CVE
added 2012/03/13 1:0 a.m.62 views

CVE-2011-4819

CVE-2011-4819 is an IBM Maximo Asset Management/Asset Management Essentials issue describing multiple cross-site scripting (XSS) vulnerabilities in versions 6.2, 7.1, and 7.5. The flaw allows remote attackers to inject arbitrary script/HTML via the uisesionid parameter to maximo.jsp or the defaul...

4.3CVSS5.8AI score0.01161EPSS
Web
CVE
CVE
added 2017/04/24 6:12 a.m.61 views

CVE-2015-0104

CVE-2015-0104 affects IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database (7.2, 7.1) and Maximo Asset Management/Maximo Industry Solutions (7.1–7.1.1.8, 7.5 before 7.5.0.7 IFIX003, 7.6 before 7.6.0.0 IFIX002). The issue is a Remote C...

8.8CVSS8.6AI score0.06849EPSS
Web
CVE
CVE
added 2013/02/20 11:0 a.m.60 views

CVE-2012-3316

Technical details about CVE-2012-3316 are not publicly available in the provided documents. Monitor for updates from official sources for affected products, versions, and fixes.

3.5CVSS5.4AI score0.00936EPSS
CVE
CVE
added 2016/01/02 9:0 p.m.60 views

CVE-2015-7452

IBM Maximo Asset Management (versions 7.6 and 7.5, including related Maximo variants and SmartCloud Control Desk) has a vulnerability that could allow remote authenticated users to obtain sensitive information via the REST API. The issue is documented with CVSS v3 base score 4.3 (LOW). Affected p...

4.3CVSS4.2AI score0.00888EPSS
CVE
CVE
added 2017/05/26 4:0 p.m.60 views

CVE-2017-1291

IBM Maximo Asset Management 7.5 and 7.6 are vulnerable to HTTP response splitting via specially-crafted URLs, enabling potential web cache poisoning and cross-site scripting. Affected products include the core Maximo Asset Management 7.5/7.6 and related Industry Solutions and IBM Control Desk pro...

5.4CVSS5.4AI score0.00615EPSS
CVE
CVE
added 2014/07/30 10:0 a.m.59 views

CVE-2014-0914

CVE-2014-0914 is an IBM Maximo XSS vulnerability affecting multiple Maximo products and versions (e.g., Maximo Asset Management 7.5 and 6.2; Essentials, Government, Nuclear Power, Transportation, Life Sciences, Oil and Gas, Utilities; Tivoli Asset Management for IT; SmartCloud Control Desk; Maxim...

3.5CVSS5.4AI score0.0107EPSS
CVE
CVE
added 2016/01/03 2:0 a.m.59 views

CVE-2015-5051

CVE-2015-5051 affects IBM Maximo Asset Management and SmartCloud Control Desk, where an authenticated remote user can bypass access controls to view query results, as described by IBM/NVD entries. Affected: Maximo Asset Management 7.6 and 7.5 (with specific IFs: 7.6.0.2 IF1; 7.5.0.8 IF6; also 7.5...

4.3CVSS4.3AI score0.00935EPSS
CVE
CVE
added 2012/03/13 1:0 a.m.58 views

CVE-2011-1397

CVE-2011-1397 is a CSRF vulnerability in IBM Maximo and related products (Asset Management, Essentials, Tivoli AM for IT, Service Request Manager, Maximo Service Desk, CCMDB) affecting 6.2, 7.1, 7.2 and 7.5. Attack could hijack user authentication via the Labor Reporting page. IBM remediation via...

6.8CVSS7.3AI score0.01047EPSS
CVE
CVE
added 2012/03/13 1:0 a.m.58 views

CVE-2012-0195

CVE-2012-0195 is a documented XSS vulnerability in the Start Center Layout and Configuration component across IBM Maximo Asset Management and Asset Management Essentials (6.2, 7.1, 7.5), IBM Tivoli Asset Management for IT (6.2, 7.1, 7.2), IBM Tivoli Service Request Manager (7.1, 7.2), IBM Maximo ...

4.3CVSS5.8AI score0.01951EPSS
CVE
CVE
added 2016/03/12 3:0 p.m.58 views

CVE-2015-7448

CVE-2015-7448 is a SQL injection vulnerability affecting IBM Maximo Asset Management (and related Tivoli/SmartCloud Control Desk components) where remote authenticated users can cause arbitrary SQL execution via unspecified vectors. Affected products/versions include Maximo Asset Management 7.1–7...

6.5CVSS6AI score0.00707EPSS
CVE
CVE
added 2016/01/27 2:0 a.m.58 views

CVE-2015-7487

CVE-2015-7487 affects IBM Maximo Asset Management and related Tivoli products. The vulnerability allows a local attacker with administrative privileges to read log files and obtain sensitive information, due to improper handling of logs in several Maximo/Tivoli components (Maximo Asset Management...

4.9CVSS4.1AI score0.00284EPSS
CVE
CVE
added 2012/03/13 1:0 a.m.57 views

CVE-2011-1394

CVE-2011-1394 affects IBM Maximo/Asset Management family (6.2–7.5) and related Tivoli products (Asset Management for IT, Service Request Manager, Maximo Service Desk, CCMDB). The issue is a Denial of Service caused by memory exhaustion from establishing many UI sessions within a single HTTP sessi...

5CVSS6.8AI score0.02584EPSS
CVE
CVE
added 2013/02/20 11:0 a.m.57 views

CVE-2012-6356

CVE-2012-6356 affects IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5. The vulnerability allows remote authenticated users to escalate privileges via vectors related to an import operation. The available sources (NVD entry and related recor...

6.5CVSS6.5AI score0.01231EPSS
CVE
CVE
added 2017/12/13 6:0 p.m.57 views

CVE-2017-1558

The connected IBM bulletin confirms CVE-2017-1558 affects Maximo Asset Management 7.5 and 7.6 (and related products) via an open redirect that enables remote phishing by spoofing displayed URLs. Impact: user redirection to a malicious site and potential data exposure; CVSS v3.0 base score 6.1 (Ne...

6.1CVSS5.9AI score0.00987EPSS
CVE
CVE
added 2012/03/13 1:0 a.m.56 views

CVE-2011-4818

CVE-2011-4818 affects IBM Maximo Asset Management and Asset Management Essentials (versions 6.2, 7.1, 7.5). It is an open redirect via the uisessionid parameter to an unspecified component, enabling remote authenticated users to redirect to arbitrary sites (phishing risk). IBM’s vulnerability not...

4.3CVSS6.2AI score0.01182EPSS
CVE
CVE
added 2015/10/05 10:0 a.m.56 views

CVE-2015-4944

CVE-2015-4944 is an XSS vulnerability in IBM Maximo Asset Management and related IBM products (including SmartCloud Control Desk, Tivoli IT Asset Management for IT, and others built on affected core versions). The root cause is improper validation of user input, allowing remote authenticated atta...

3.5CVSS5.3AI score0.00783EPSS
CVE
CVE
added 2015/10/05 10:0 a.m.56 views

CVE-2015-4967

IBM Maximo Asset Management is affected by CVE-2015-4967, a SQL injection vulnerability. A remote attacker could send specially-crafted SQL statements to view, add, modify, or delete data in the back-end database. Affected products and versions include Maximo Asset Management (7.6, 7.5, 7.1), Max...

6.5CVSS7.9AI score0.00991EPSS
CVE
CVE
added 2012/03/13 1:0 a.m.55 views

CVE-2011-1396

The CVE-2011-1396 entry describes an XSS vulnerability in IBM Maximo Asset Management and Asset Management Essentials (versions 6.2, 7.1, 7.5) that allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component. Affected products include Ma...

4.3CVSS5.8AI score0.01161EPSS
CVE
CVE
added 2013/02/20 11:0 a.m.55 views

CVE-2012-3327

CVE-2012-3327 describes a cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management (versions 6.2–7.5), Maximo Asset Management Essentials (6.2–7.5), Tivoli Asset Management for IT (6.2–7.2), Tivoli Service Request Manager (7.1–7.2), Maximo Service Desk (6.2), CCMDB (7.1–7.2), and S...

4.3CVSS5.8AI score0.01148EPSS
CVE
CVE
added 2015/02/17 1:0 a.m.55 views

CVE-2014-6194

CVE-2014-6194 describes a directory traversal vulnerability in IBM Maximo Asset Management and related products that allows remote authenticated users to read arbitrary files via a ".." in a pathname. Affected are IBM Maximo Asset Management 7.1–7.1.1.13; 7.5.0 before 7.5.0.6 IFIX007; Maximo Asse...

4CVSS6.3AI score0.01441EPSS
CVE
CVE
added 2015/10/04 1:0 a.m.55 views

CVE-2015-1934

CVE-2015-1934 affects IBM Maximo Asset Management and related products. The root issue is weak encryption of passwords, allowing context-dependent attackers with access to a password file to obtain cleartext passwords. Affected versions include Maximo Asset Management 7.1–7.1.1.13, 7.5.x before 7...

5CVSS6.6AI score0.00993EPSS
CVE
CVE
added 2018/02/14 3:0 p.m.55 views

CVE-2017-1499

IBM Maximo Asset Management 7.5 and 7.6 are affected by CVE-2017-1499, where a remote attacker can include arbitrary files, potentially executing arbitrary code on the vulnerable Web server. The IBM Security Bulletin lists affected cores (Maximo Asset Management 7.6 and 7.5; Essentials 7.5) and r...

8.8CVSS8.7AI score0.02288EPSS
CVE
CVE
added 2012/03/13 1:0 a.m.54 views

CVE-2011-4816

CVE-2011-4816 is a SQL injection vulnerability in the KPI component affecting IBM Maximo Asset Management and Asset Management Essentials (versions 6.2, 7.1, 7.5), IBM Tivoli Asset Management for IT (6.2, 7.1, 7.2), IBM Tivoli Service Request Manager (7.1, 7.2), IBM Maximo Service Desk (6.2), and...

6.5CVSS8AI score0.01696EPSS
CVE
CVE
added 2012/03/13 1:0 a.m.54 views

CVE-2011-4817

CVE-2011-4817 affects IBM Maximo Asset Management and related IBM assets (Asset Management Essentials, Tivoli AM for IT, Service Request Manager, Maximo Service Desk, CCMDB) on multiple versions (6.2, 7.1, 7.2/7.5). The issue is an information disclosure where the About menu in Help shows the use...

4CVSS6.3AI score0.01209EPSS
CVE
CVE
added 2014/07/30 10:0 a.m.54 views

CVE-2014-0915

CVE-2014-0915 affects IBM Maximo and related products (Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government/Nuclear Power/Transportation/Life Sciences/Oil & Gas/Utilities, Tivoli IT, Tivoli Service Request Manager, Maximo Service Desk, CMDB, SmartCloud Control Desk) ...

3.5CVSS5.4AI score0.01046EPSS
CVE
CVE
added 2016/01/02 9:0 p.m.54 views

CVE-2015-7396

CVE-2015-7396 affects IBM Maximo Asset Management (and related solutions) including Maximo Asset Management 7.6 and 7.5, Maximo Asset Management Essentials, several Industry Solutions, and SmartCloud Control Desk. The issue lies in the Scheduler functionality, which could allow an authenticated r...

5.5CVSS5AI score0.00791EPSS
CVE
CVE
added 2015/02/18 2:0 a.m.53 views

CVE-2015-0109

CVE-2015-0109 is a Cross-site Scripting (XSS) vulnerability affecting IBM Tivoli/TAM products (Maximo Asset Management, Tivoli IT Asset Management for IT, Tivoli Service Request Manager, etc.) across multiple versions (7.1–7.6, including various 7.1.1.x and 7.2 lines). The flaw allows remote auth...

3.5CVSS6.3AI score0.00759EPSS
CVE
CVE
added 2015/10/05 10:0 a.m.52 views

CVE-2015-4965

Summary: CVE-2015-4965 is a misconfiguration in IBM Maximo Asset Management and related products that could allow an authenticated user to view backup and debug application files, potentially exposing sensitive information. Affected products (per bulletins): Maximo Asset Management 7.6, 7.5, 7.1;...

4CVSS5.8AI score0.00966EPSS
CVE
CVE
added 2016/01/03 2:0 a.m.52 views

CVE-2015-5017

The CVE-2015-5017 issue affects IBM Maximo Asset Management family (including Maximo Asset Management 7.6, 7.5, 7.1; Essentials; and related products like SmartCloud Control Desk and Tivoli IT Asset Management for IT). It allows remote authenticated users to bypass access controls by signing in w...

5.5CVSS5.2AI score0.00661EPSS
CVE
CVE
added 2012/03/13 1:0 a.m.51 views

CVE-2011-1395

CVE-2011-1395 is an XSS vulnerability in IBM Maximo Asset Management and Asset Management Essentials (versions 6.2, 7.1, 7.5) affecting imicon.jsp via the controlid parameter. Exploitation could allow remote attackers to inject arbitrary script/HTML. IBM notes multiple related CVEs in the same fa...

4.3CVSS5.8AI score0.01161EPSS
CVE
CVE
added 2013/02/20 11:0 a.m.51 views

CVE-2012-3328

CVE-2012-3328 is an XSS vulnerability in IBM Maximo family: IBM Maximo Asset Management 7.1 and Maximo Asset Management Essentials 7.1; Tivoli Asset Management for IT 7.1/7.2; Tivoli Service Request Manager 7.1/7.2; and Change and Configuration Management Database (CCMDB) 7.1/7.2. The issue allow...

4.3CVSS5.7AI score0.01148EPSS
CVE
CVE
added 2013/02/20 11:0 a.m.51 views

CVE-2012-6355

CVE-2012-6355 affects IBM Maximo Asset Management (versions 6.2–7.5), Maximo Asset Management Essentials (6.2–7.5), Tivoli Asset Management for IT (6.2–7.2), Tivoli Service Request Manager (7.1–7.2), Maximo Service Desk (6.2), CCMDB (7.1–7.2), and SmartCloud Control Desk (7.5). The vulnerability ...

6.5CVSS6.6AI score0.01231EPSS
CVE
CVE
added 2014/10/02 12:0 a.m.51 views

CVE-2014-4765

CVE-2014-4765 affects IBM Maximo Asset Management and related IBM products (e.g., SmartCloud Control Desk, Tivoli IT Asset Management for IT, and related Maximo variants) with an information-disclosure flaw that lets remote attackers read an error message to obtain sensitive directory information...

5CVSS6.4AI score0.01173EPSS
CVE
CVE
added 2015/10/04 1:0 a.m.51 views

CVE-2015-1933

CVE-2015-1933 affects IBM Maximo Asset Management and related products; the root cause is that the password input field autocomplete attribute is not set to false, enabling local attackers to obtain account information via an unattended workstation. Affected versions include Maximo Asset Manageme...

2.1CVSS6.8AI score0.00444EPSS
CVE
CVE
added 2018/03/27 5:0 p.m.51 views

CVE-2015-5016

CVE-2015-5016 affects IBM Maximo Asset Management family (7.6/7.5/7.1), Maximo Asset Management Essentials (7.5/7.1), plus related IBM products (Control Desk 7.5/7.6; Tivoli Asset Management for IT 7.1/7.2; others). The issue allows a remote authenticated user to bypass access restrictions and re...

4.3CVSS4.2AI score0.00993EPSS
CVE
CVE
added 2015/02/18 2:0 a.m.50 views

CVE-2015-0108

CVE-2015-0108 is a cross-site scripting (XSS) vulnerability affecting IBM Tivoli IT Asset Management for IT and related IBM Maximo assets (7.1–7.1.1.8, 7.2). The issue allows remote authenticated users to inject arbitrary web script/HTML via unspecified vectors due to insecure handling in the aff...

4.3CVSS6.3AI score0.00931EPSS
CVE
CVE
added 2017/08/09 6:0 p.m.50 views

CVE-2017-1357

CVE-2017-1357 affects IBM Maximo Asset Management 7.5 and 7.6 (core product), where an authenticated user can manipulate work orders to forge emails, enabling potentially more‑advanced attacks. The IBM Security Bulletin confirms the vulnerability and lists affected versions across core Maximo and...

4.3CVSS4.4AI score0.00909EPSS
CVE
CVE
added 2014/07/29 8:0 p.m.47 views

CVE-2014-3026

CVE-2014-3026 is a CRLF/header-injection vulnerability in IBM Maximo Asset Management 7.5.x (including Maximo Asset Management Essentials, various Maximo Industry Solutions, and SmartCloud Control Desk 7.5). The issue allows remote authenticated users to inject arbitrary HTTP headers and perform ...

3.5CVSS6.5AI score0.00951EPSS
CVE
CVE
added 2013/02/20 11:0 a.m.46 views

CVE-2013-0457

The CVE-2013-0457 entry concerns a Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5. The issue allows remote authenticated users to inject arbitrary web script or HTML through vectors related to a ...

3.5CVSS5.2AI score0.00936EPSS
CVE
CVE
added 2013/12/18 11:0 a.m.46 views

CVE-2013-5402

CVE-2013-5402 is a Cross-Site Scripting (XSS) vulnerability affecting IBM Maximo Asset Management and related IBM products (Asset Management Essentials, Government, Nuclear Power, Transportation, Life Sciences, Oil and Gas, Utilities; SmartCloud Control Desk; Tivoli Asset Management for IT; Tivol...

3.5CVSS5.4AI score0.00946EPSS
CVE
CVE
added 2016/01/02 2:0 a.m.46 views

CVE-2015-7451

CVE-2015-7451 is an XSS vulnerability in IBM Maximo Asset Management (and related SmartCloud Control Desk) caused by improper validation of user-supplied input. The issue affects multiple Maximo versions (7.5/7.6 and various fixes) and can be triggered by a crafted URL to execute script in a vict...

5.4CVSS5AI score0.00651EPSS
CVE
CVE
added 2017/05/03 5:0 p.m.46 views

CVE-2016-9976

Summary of CVE-2016-9976 : IBM Maximo Asset Management (core product) versions 7.1, 7.5, and 7.6 are affected. A remote attacker can send a specially crafted URL request to include arbitrary files, potentially leading to arbitrary code execution on the vulnerable server. The IBM Security Bulletin...

8.4CVSS8.4AI score0.01715EPSS
CVE
CVE
added 2014/07/30 10:0 a.m.45 views

CVE-2014-3025

CVE-2014-3025 is a cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and related IBM/Tivoli products. It affects multiple versions (Maximo AM 6.2–6.2.8, 7.1–7.1.1.2, 7.5–7.5.0.6; and SmartCloud Control Desk; Tivoli Asset Management for IT, Tivoli Service Request Manager, Max...

3.5CVSS5.5AI score0.00946EPSS
Web
CVE
CVE
added 2018/02/22 7:0 p.m.44 views

CVE-2018-1414

CVE-2018-1414 affects IBM Maximo Asset Management core products: 7.6 and 7.5 (and Maximo Asset Management Essentials 7.5), with a SQL injection vulnerability that enables a remote attacker to view, add, modify, or delete data in the back-end database. The root cause is an injectable SQL path in t...

8.8CVSS8.7AI score0.01537EPSS
CVE
CVE
added 2017/06/07 5:0 p.m.43 views

CVE-2016-9977

CVE-2016-9977 affects IBM Maximo Asset Management core products 7.1, 7.5, and 7.6 (and related Industry Solutions and IBM Control Desk on top) with a vulnerability that allows remote session hijacking due to failure to invalidate an existing session identifier. Affected products include Maximo As...

8.8CVSS8.4AI score0.01812EPSS
Total number of security vulnerabilities51