Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
IbmMaximo Asset Management*

16 matches found

CVE
CVEadded 2019/10/24 12:15 p.m.55 views

CVE-2019-4486

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.

5.4CVSS5.2AI score0.00211EPSS
CVE
CVEadded 2018/08/16 1:29 p.m.44 views

CVE-2018-1715

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 1470...

5.4CVSS5.2AI score0.0021EPSS
CVE
CVEadded 2020/09/16 4:15 p.m.43 views

CVE-2020-4409

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would ap...

8.2CVSS7.6AI score0.00162EPSS
CVE
CVEadded 2021/08/12 4:15 p.m.40 views

CVE-2021-20509

IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243.

10CVSS9.4AI score0.00758EPSS
CVE
CVEadded 2018/08/03 3:29 p.m.39 views

CVE-2018-1524

IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116.

9CVSS8.5AI score0.00393EPSS
CVE
CVEadded 2020/09/15 2:15 p.m.39 views

CVE-2019-4671

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437.

6.5CVSS6.6AI score0.00152EPSS
CVE
CVEadded 2020/10/05 2:15 p.m.39 views

CVE-2020-4493

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995.

9.8CVSS9.2AI score0.00623EPSS
CVE
CVEadded 2020/09/15 2:15 p.m.39 views

CVE-2020-4521

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. I...

9CVSS8.6AI score0.14783EPSS
CVE
CVEadded 2021/08/30 5:15 p.m.38 views

CVE-2021-29743

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

6.4CVSS5.2AI score0.00204EPSS
CVE
CVEadded 2018/08/06 2:29 p.m.37 views

CVE-2018-1528

IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290.

4.3CVSS4.1AI score0.00163EPSS
CVE
CVEadded 2020/07/13 2:15 p.m.35 views

CVE-2019-4591

IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451.

7.8CVSS7.2AI score0.00036EPSS
CVE
CVEadded 2020/09/15 2:15 p.m.35 views

CVE-2020-4526

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436.

4.3CVSS4.7AI score0.0009EPSS
CVE
CVEadded 2018/09/13 3:29 p.m.34 views

CVE-2018-1698

IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages. IBM X-Force ID: 145967.

5.3CVSS4.9AI score0.00417EPSS
CVE
CVEadded 2018/08/02 2:29 p.m.32 views

CVE-2018-1554

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142891.

5.4CVSS5.2AI score0.00216EPSS
CVE
CVEadded 2018/10/05 1:29 p.m.31 views

CVE-2018-1686

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 1455...

5.4CVSS5.2AI score0.00158EPSS
CVE
CVEadded 2018/08/24 11:0 a.m.29 views

CVE-2018-1699

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968.

8.8CVSS8.6AI score0.00492EPSS