Maximo Asset Management Essentials Security Vulnerabilities and Issues — Maximo Asset Management Essentials CVE List

Lucene search

IbmMaximo Asset Management Essentials

8 matches found

CVE•added 2017/05/26 4:29 p.m.•50 views

CVE-2017-1292

IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153.

5.3CVSS5AI score0.00185EPSS

CVE•added 2017/04/24 6:59 a.m.•49 views

CVE-2015-0104

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote ...

8.8CVSS8.6AI score0.02037EPSS

CVE•added 2017/12/13 6:29 p.m.•45 views

CVE-2017-1558

IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malic...

6.1CVSS5.9AI score0.00177EPSS

CVE•added 2017/04/24 6:59 a.m.•44 views

CVE-2015-0107

6.5CVSS6.6AI score0.07172EPSS

CVE•added 2017/05/26 4:29 p.m.•43 views

CVE-2017-1291

IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks,...

5.4CVSS5.4AI score0.00146EPSS

CVE•added 2017/08/09 6:29 p.m.•40 views

CVE-2017-1357

IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684.

4.3CVSS4.4AI score0.00215EPSS

CVE•added 2017/05/03 5:59 p.m.•36 views

CVE-2016-9976

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252.

8.4CVSS8.4AI score0.02205EPSS

CVE•added 2017/06/07 5:29 p.m.•34 views

CVE-2016-9977

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253.

8.8CVSS8.4AI score0.01047EPSS