Maximo Asset Management@7.1.1.9 Security Vulnerabilities and Issues — Maximo Asset Management@7.1.1.9 CVE List

Lucene search

IbmMaximo Asset Management7.1.1.9

52 matches found

CVE•added 2017/03/07 5:59 p.m.•48 views

CVE-2017-1124

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053.

2.9CVSS3.5AI score0.00046EPSS

CVE•added 2013/02/20 12:9 p.m.•47 views

CVE-2012-3316

Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk...

3.5CVSS5.4AI score0.00188EPSS

CVE•added 2013/02/20 12:9 p.m.•46 views

CVE-2012-3322

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Datab...

3.5CVSS5.3AI score0.00188EPSS

CVE•added 2013/10/01 11:14 a.m.•45 views

CVE-2013-5381

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.

6.5CVSS6.5AI score0.00513EPSS

CVE•added 2015/02/17 1:59 a.m.•45 views

CVE-2014-6102

IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other pr...

2.1CVSS6.8AI score0.00125EPSS

CVE•added 2015/10/06 1:59 a.m.•45 views

CVE-2015-4967

SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through...

6.5CVSS7.9AI score0.00277EPSS

CVE•added 2013/10/01 11:14 a.m.•44 views

CVE-2013-3973

SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5CVSS8AI score0.00302EPSS

CVE•added 2015/10/06 1:59 a.m.•44 views

CVE-2015-4944

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Managemen...

3.5CVSS5.3AI score0.00166EPSS

CVE•added 2015/11/08 10:59 p.m.•44 views

CVE-2015-4966

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivol...

6.5CVSS8AI score0.00349EPSS

CVE•added 2013/02/20 12:9 p.m.•43 views

CVE-2012-3327

4.3CVSS5.8AI score0.00266EPSS

CVE•added 2014/05/26 11:14 a.m.•43 views

CVE-2013-2998

frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code.

3.5CVSS5.7AI score0.00179EPSS

CVE•added 2013/10/01 11:14 a.m.•43 views

CVE-2013-3049

IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3971.

4CVSS6.2AI score0.00179EPSS

CVE•added 2014/07/30 11:15 a.m.•43 views

CVE-2014-0914

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management ...

3.5CVSS5.4AI score0.00301EPSS

CVE•added 2014/08/29 10:0 a.m.•43 views

CVE-2014-3024

Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbit...

6CVSS6.9AI score0.00152EPSS

CVE•added 2015/02/17 1:59 a.m.•43 views

CVE-2014-6194

Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 an...

4CVSS6.3AI score0.00584EPSS

CVE•added 2013/10/01 11:14 a.m.•42 views

CVE-2013-3971

4CVSS6.2AI score0.00179EPSS

CVE•added 2014/07/30 11:15 a.m.•42 views

CVE-2014-0915

Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2....

3.5CVSS5.4AI score0.00301EPSS

CVE•added 2015/10/04 2:59 a.m.•41 views

CVE-2015-1934

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT...

5CVSS6.6AI score0.00236EPSS

CVE•added 2015/10/06 1:59 a.m.•41 views

CVE-2015-4965

maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset...

4CVSS5.8AI score0.00146EPSS

CVE•added 2016/01/27 5:59 a.m.•41 views

CVE-2015-7487

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for T...

4.9CVSS4.1AI score0.00052EPSS

CVE•added 2013/10/01 11:14 a.m.•40 views

CVE-2013-3047

IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors.

6.5CVSS6.5AI score0.00445EPSS

CVE•added 2013/10/01 11:14 a.m.•40 views

CVE-2013-5382

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5383.

4CVSS6.5AI score0.00226EPSS

CVE•added 2016/03/12 3:59 p.m.•40 views

CVE-2015-7448

SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1...

6.5CVSS6AI score0.00126EPSS

CVE•added 2013/02/20 12:9 p.m.•39 views

CVE-2012-6355

IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Cont...

6.5CVSS6.6AI score0.00394EPSS

CVE•added 2013/10/01 11:14 a.m.•39 views

CVE-2013-4018

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.

6CVSS5.7AI score0.0048EPSS

CVE•added 2014/05/26 4:55 p.m.•39 views

CVE-2014-0825

Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Man...

3.5CVSS5.3AI score0.00188EPSS

CVE•added 2013/10/01 11:14 a.m.•38 views

CVE-2013-4013

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.

5CVSS6.2AI score0.00348EPSS

CVE•added 2013/10/01 11:14 a.m.•38 views

CVE-2013-4019

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 before 7.1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.2AI score0.00208EPSS

CVE•added 2013/10/01 11:14 a.m.•38 views

CVE-2013-5383

4CVSS6.5AI score0.00226EPSS

CVE•added 2014/10/02 12:55 a.m.•38 views

CVE-2014-4765

IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attack...

5CVSS6.4AI score0.00225EPSS

CVE•added 2015/10/04 2:59 a.m.•38 views

CVE-2015-1933

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT...

2.1CVSS6.8AI score0.00079EPSS

CVE•added 2013/10/01 11:14 a.m.•37 views

CVE-2013-0451

SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 through 7.1.1.12 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5CVSS7.9AI score0.00348EPSS

CVE•added 2014/08/29 10:0 a.m.•37 views

CVE-2014-3084

IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2.8, 7.1, and 7.2 for Tivoli IT Asset Management for IT and certain other pr...

4.9CVSS6.3AI score0.00548EPSS

CVE•added 2013/10/01 11:14 a.m.•36 views

CVE-2012-3323

IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors.

6.8CVSS7AI score0.01098EPSS

CVE•added 2013/10/01 11:14 a.m.•36 views

CVE-2013-4020

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.

4CVSS6.2AI score0.002EPSS

CVE•added 2014/05/26 4:55 p.m.•36 views

CVE-2014-0849

IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups.

6CVSS6.6AI score0.00369EPSS

CVE•added 2015/11/08 3:59 a.m.•36 views

CVE-2015-7395

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivol...

4CVSS6.2AI score0.00111EPSS

CVE•added 2013/10/01 11:14 a.m.•35 views

CVE-2013-3972

IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.

4CVSS5.7AI score0.00202EPSS

CVE•added 2013/10/01 11:14 a.m.•35 views

CVE-2013-4021

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to conduct unspecified file-inclusion attacks via unknown vectors.

6.5CVSS6.3AI score0.00513EPSS

CVE•added 2013/10/01 11:14 a.m.•35 views

CVE-2013-5380

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows local users to obtain sensitive information via unspecified vectors.

2.1CVSS5.8AI score0.00063EPSS

CVE•added 2013/12/18 4:4 p.m.•35 views

CVE-2013-5402

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 befo...

3.5CVSS5.4AI score0.0018EPSS

CVE•added 2014/05/26 4:55 p.m.•35 views

CVE-2013-5460

IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and read communication logs associated with unrelated records, via unspecified vectors.

3.5CVSS6.1AI score0.00159EPSS

CVE•added 2014/07/30 11:15 a.m.•35 views

CVE-2014-3025

3.5CVSS5.5AI score0.00208EPSS

CVE•added 2015/07/01 10:59 a.m.•35 views

CVE-2015-1951

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.0 IFIX005 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation.

2.1CVSS6AI score0.00057EPSS

CVE•added 2013/10/01 11:14 a.m.•34 views

CVE-2013-4017

SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

6.5CVSS8.4AI score0.003EPSS

CVE•added 2016/07/02 2:59 p.m.•34 views

CVE-2016-0399

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.9 IFIX007, and 7.6 before 7.6.0.5 FP005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

5.4CVSS5AI score0.00168EPSS

CVE•added 2013/10/01 11:14 a.m.•33 views

CVE-2013-4027

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.

6.5CVSS6.2AI score0.00281EPSS

CVE•added 2013/10/01 11:14 a.m.•32 views

CVE-2013-3048

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.3AI score0.00208EPSS

CVE•added 2013/10/01 11:14 a.m.•32 views

CVE-2013-4014

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.00295EPSS

CVE•added 2013/10/01 11:14 a.m.•32 views

CVE-2013-5395

IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to bypass intended access restrictions via unspecified vectors.

7.5CVSS6.8AI score0.0033EPSS

Total number of security vulnerabilities52