Maximo Asset Management@7.6.2.2 Security Vulnerabilities and Issues — Maximo Asset Management@7.6.2.2 CVE List

Lucene search

IbmMaximo Asset Management7.6.2.2

6 matches found

CVE•added 2018/08/16 1:29 p.m.•43 views

CVE-2018-1715

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 1470...

5.4CVSS5.2AI score0.0021EPSS

CVE•added 2018/08/03 3:29 p.m.•38 views

CVE-2018-1524

IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116.

9CVSS8.5AI score0.00393EPSS

CVE•added 2018/08/06 2:29 p.m.•36 views

CVE-2018-1528

IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290.

4.3CVSS4.1AI score0.00163EPSS

CVE•added 2018/09/13 3:29 p.m.•32 views

CVE-2018-1698

IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages. IBM X-Force ID: 145967.

5.3CVSS4.9AI score0.00433EPSS

CVE•added 2018/10/05 1:29 p.m.•29 views

CVE-2018-1686

5.4CVSS5.2AI score0.00158EPSS

CVE•added 2018/08/24 11:0 a.m.•28 views

CVE-2018-1699

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968.

8.8CVSS8.6AI score0.00512EPSS