Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
IbmMaximo Asset Management

185 matches found

CVE
CVEadded 2012/09/10 5:55 p.m.34 views

CVE-2012-0746

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject...

3.5CVSS5.3AI score0.0018EPSS
CVE
CVEadded 2013/02/20 12:9 p.m.34 views

CVE-2013-0457

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid.

3.5CVSS5.2AI score0.00161EPSS
CVE
CVEadded 2013/10/01 11:14 a.m.34 views

CVE-2013-4017

SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

6.5CVSS8.4AI score0.003EPSS
CVE
CVEadded 2014/05/26 4:55 p.m.34 views

CVE-2013-5464

IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and modify physical counts associated with ...

6CVSS5.9AI score0.00216EPSS
CVE
CVEadded 2016/07/17 10:59 p.m.34 views

CVE-2016-0393

IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and 7.6 before 7.6.0.5-TIV-MAMMT-FP001 allows remote attackers to obtain sensitive URL information by reading log files.

5.3CVSS5.1AI score0.00207EPSS
CVE
CVEadded 2016/07/02 2:59 p.m.34 views

CVE-2016-0399

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.9 IFIX007, and 7.6 before 7.6.0.5 FP005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

5.4CVSS5AI score0.00168EPSS
CVE
CVEadded 2017/02/08 10:59 p.m.34 views

CVE-2016-5902

IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

6.1CVSS5.9AI score0.00317EPSS
CVE
CVEadded 2017/06/07 5:29 p.m.34 views

CVE-2016-9977

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253.

8.8CVSS8.4AI score0.01047EPSS
CVE
CVEadded 2018/02/22 7:29 p.m.34 views

CVE-2018-1415

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138821.

5.4CVSS5.2AI score0.00269EPSS
CVE
CVEadded 2020/05/12 2:15 p.m.34 views

CVE-2019-4478

IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998.

6.5CVSS6AI score0.00186EPSS
CVE
CVEadded 2020/07/13 2:15 p.m.34 views

CVE-2019-4591

IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451.

7.8CVSS7.2AI score0.00036EPSS
CVE
CVEadded 2020/09/15 2:15 p.m.34 views

CVE-2020-4526

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436.

4.3CVSS4.7AI score0.0009EPSS
CVE
CVEadded 2023/06/05 1:15 a.m.34 views

CVE-2023-32334

IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074.

5.3CVSS4.4AI score0.00076EPSS
CVE
CVEadded 2024/01/19 2:15 a.m.34 views

CVE-2023-32337

IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288.

5.4CVSS5.3AI score0.00042EPSS
CVE
CVEadded 2013/10/01 11:14 a.m.33 views

CVE-2013-4027

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.

6.5CVSS6.2AI score0.00281EPSS
CVE
CVEadded 2016/11/30 11:59 a.m.33 views

CVE-2016-5905

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

5.4CVSS4.9AI score0.00154EPSS
CVE
CVEadded 2019/07/17 2:15 p.m.33 views

CVE-2019-4430

IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162887.

7.5CVSS7.2AI score0.00533EPSS
CVE
CVEadded 2013/10/01 11:14 a.m.32 views

CVE-2013-3048

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.3AI score0.00208EPSS
CVE
CVEadded 2013/10/01 11:14 a.m.32 views

CVE-2013-4014

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.00295EPSS
CVE
CVEadded 2013/10/01 11:14 a.m.32 views

CVE-2013-5395

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to bypass intended access restrictions via unspecified vectors.

7.5CVSS6.8AI score0.0033EPSS
CVE
CVEadded 2016/11/30 11:59 a.m.32 views

CVE-2016-5987

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers construction of a runtime error message.

5.3CVSS5AI score0.00316EPSS
CVE
CVEadded 2017/04/26 5:59 p.m.32 views

CVE-2016-8924

IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 118537.

5.6CVSS5.6AI score0.00207EPSS
CVE
CVEadded 2018/02/22 7:29 p.m.32 views

CVE-2018-1414

IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820.

8.8CVSS8.7AI score0.00648EPSS
CVE
CVEadded 2018/11/28 5:0 p.m.32 views

CVE-2018-1584

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143497.

5.4CVSS5.2AI score0.00229EPSS
CVE
CVEadded 2018/09/13 3:29 p.m.32 views

CVE-2018-1698

IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages. IBM X-Force ID: 145967.

5.3CVSS4.9AI score0.00433EPSS
CVE
CVEadded 2018/11/09 5:0 p.m.32 views

CVE-2018-1872

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151330.

5.4CVSS5.2AI score0.00229EPSS
CVE
CVEadded 2013/02/20 12:9 p.m.31 views

CVE-2012-6357

IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors.

6.5CVSS6.6AI score0.00216EPSS
CVE
CVEadded 2018/08/02 2:29 p.m.31 views

CVE-2018-1554

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142891.

5.4CVSS5.2AI score0.00216EPSS
CVE
CVEadded 2014/05/26 11:14 a.m.30 views

CVE-2012-3333

CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL.

4.3CVSS6.9AI score0.00246EPSS
CVE
CVEadded 2018/10/05 1:29 p.m.29 views

CVE-2018-1686

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 1455...

5.4CVSS5.2AI score0.00158EPSS
CVE
CVEadded 2018/08/24 11:0 a.m.28 views

CVE-2018-1699

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968.

8.8CVSS8.6AI score0.00512EPSS
CVE
CVEadded 2020/06/26 2:15 p.m.28 views

CVE-2020-4223

IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 1...

5.4CVSS5.2AI score0.00179EPSS
CVE
CVEadded 2017/06/08 9:29 p.m.27 views

CVE-2016-8987

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view.

4.3CVSS4.4AI score0.00212EPSS
CVE
CVEadded 2024/01/19 2:15 a.m.27 views

CVE-2023-47718

IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843.

8.8CVSS8.3AI score0.00042EPSS
CVE
CVEadded 2024/03/13 10:15 a.m.24 views

CVE-2023-32335

IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255075.

7.5CVSS3.6AI score0.00057EPSS
Total number of security vulnerabilities185