Lucene search
K
IbmMaximo For Aviation

19 matches found

CVE
CVE
added 2019/06/06 12:35 a.m.87 views

CVE-2019-4048

CVE-2019-4048 affects IBM Maximo Asset Management 7.6. The vulnerability allows a physical user to obtain sensitive information from a previous user on the same machine (a back-and-refresh-type information disclosure). Affected core product: Maximo Asset Management 7.6 (and related Industry Solut...

2.1CVSS3.1AI score0.00307EPSS
CVE
CVE
added 2019/06/06 12:35 a.m.76 views

CVE-2019-4056

IBM Maximo Asset Management 7.6 Work Centers' application lacks file type validation during upload, enabling upload of malicious files. Affected product: IBM Maximo Asset Management (core 7.6, with Industry Solutions and IBM Control Desk on top). Root cause: the upload workflow does not validate ...

4.3CVSS4.5AI score0.00863EPSS
CVE
CVE
added 2019/06/19 1:30 p.m.72 views

CVE-2019-4303

IBM Maximo Asset Management 7.6 is affected by a cross-site scripting vulnerability (CVE-2019-4303) that allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Affected products/versions include Maximo Asset Management core 7.6...

5.4CVSS5.2AI score0.00987EPSS
CVE
CVE
added 2019/06/19 1:30 p.m.72 views

CVE-2019-4364

CVE-2019-4364 affects IBM Maximo Asset Management core product 7.6. The vulnerability is CSV injection that could allow a remote authenticated attacker to execute arbitrary commands on the system. Remediation is provided by IBM Fix Central; affected 7.6 versions include 7.6.1.1 FP, 7.6.0.10 iFix,...

8.5CVSS7.6AI score0.02615EPSS
CVE
CVE
added 2019/06/06 12:35 a.m.70 views

CVE-2018-2028

CVE-2018-2028 affects IBM Maximo Asset Management 7.6. An authenticated user could replace a target page with a phishing site, potentially exposing highly sensitive information (confidentiality impact). The IBM bulletin lists affected core: Maximo Asset Management 7.6 (and related Industry Soluti...

6.5CVSS6AI score0.00784EPSS
CVE
CVE
added 2019/10/24 12:0 p.m.68 views

CVE-2019-4486

CVE-2019-4486 affects IBM Maximo Asset Management 7.6. The vulnerability is a cross-site scripting flaw that allows embedding arbitrary JavaScript in the Web UI, potentially leading to credential disclosure within a trusted session. Affected core version: Maximo Asset Management 7.6, with likely ...

5.4CVSS5.2AI score0.00673EPSS
CVE
CVE
added 2020/04/17 1:25 p.m.60 views

CVE-2019-4749

CVE-2019-4749 denotes a cross-site scripting vulnerability in IBM Maximo Asset Management 7.6, allowing arbitrary JavaScript in the Web UI and potentially exposing credentials in a trusted session. IBM’s bulletin identifies affected core versions, notably 7.6.1.1, and directs remediation via inte...

5.4CVSS5.2AI score0.00673EPSS
CVE
CVE
added 2020/02/24 3:35 p.m.55 views

CVE-2019-4745

CVE-2019-4745 affects IBM Maximo Asset Management core 7.6.1.0. Root cause: path information disclosure in the URL leading to potential sensitive data exposure to an authenticated user. CVSS base score 4.3 (MEDIUM). Remediation: apply fixes for 7.6.1.0 (e.g., 7.6.1.0 iFix015 or latest Interim Fix...

4.3CVSS4.1AI score0.00871EPSS
CVE
CVE
added 2020/09/16 3:55 p.m.55 views

CVE-2020-4409

The CVE-2020-4409 issue affects IBM Maximo Asset Management core product versions 7.6.0 and 7.6.1, where a remote attacker could conduct phishing via a tabnabbing attack by steering a user to a crafted site and then redirecting to a trusted-appearing malicious page. Root cause is a reverse tabnab...

8.2CVSS7.6AI score0.00893EPSS
CVE
CVE
added 2019/10/09 3:0 p.m.54 views

CVE-2019-4512

CVE-2019-4512 affects IBM Maximo Asset Management 7.6.1.1. The vulnerability arises from an error message that leaks sensitive information, enabling information disclosure. The IBM Security Bulletin lists affected products (core Maximo Asset Management 7.6.1.1 and related Industry Solutions/Contr...

4.3CVSS4.2AI score0.00994EPSS
CVE
CVE
added 2020/04/17 1:25 p.m.53 views

CVE-2019-4644

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting in the Web UI, allowing injection of arbitrary JavaScript and potentially credential disclosure within a trusted session. Affected core versions include 7.6.0.10, 7.6.1.0, and 7.6.1.1 (with related industry solutions). IBM’s ad...

6.1CVSS5.8AI score0.00872EPSS
CVE
CVE
added 2017/02/01 8:0 p.m.52 views

CVE-2016-5896

CVE-2016-5896 affects IBM Maximo Asset Management core (7.6) and related IBM Industry Solutions/Control Desk when installed on top of affected core. Root cause: disclosure of sensitive information from a stack trace after an incorrect Cognos login attempt. Impact: information disclosure with CVSS...

5.3CVSS5AI score0.01029EPSS
CVE
CVE
added 2018/03/27 5:0 p.m.51 views

CVE-2015-5016

CVE-2015-5016 affects IBM Maximo Asset Management family (7.6/7.5/7.1), Maximo Asset Management Essentials (7.5/7.1), plus related IBM products (Control Desk 7.5/7.6; Tivoli Asset Management for IT 7.1/7.2; others). The issue allows a remote authenticated user to bypass access restrictions and re...

4.3CVSS4.2AI score0.00993EPSS
CVE
CVE
added 2017/02/01 8:0 p.m.51 views

CVE-2016-6072

CVE-2016-6072 affects IBM Maximo Asset Management core product (version 7.6) and related IBM Maximo Industry Solutions/Control Desk products when installed on affected cores. The vulnerability is a cross-site scripting flaw in the Web UI that lets an attacker embed arbitrary JavaScript, potential...

5.4CVSS5.2AI score0.00538EPSS
CVE
CVE
added 2018/08/03 3:0 p.m.51 views

CVE-2018-1524

CVE-2018-1524 affects IBM Maximo Asset Management 7.6 through 7.6.3, where installation includes a default administrator account that could be exploited by a remote attacker to gain administrator access. This issue stems from an incomplete fix for CVE-2015-4966. IBM's related advisories indicate ...

9CVSS8.5AI score0.01873EPSS
CVE
CVE
added 2020/02/19 3:15 p.m.51 views

CVE-2019-4429

CVE-2019-4429 affects IBM Maximo Asset Management core product versions 7.6.0 and 7.6.1. The issue is a cross-site scripting vulnerability in the Web UI, allowing an attacker to embed arbitrary JavaScript code that could alter functionality and potentially disclose credentials within a trusted se...

5.4CVSS5.2AI score0.00561EPSS
CVE
CVE
added 2018/08/06 2:0 p.m.46 views

CVE-2018-1528

IBM Maximo Asset Management 7.6 (core) is affected by CVE-2018-1528, allowing an authenticated user to obtain sensitive information via the WhoAmI API, with CVSSv3 base score 4.3 (LOW to MEDIUM range depending on vector). The IBM Security Bulletin lists affected versions (7.6 and all dependent IB...

4.3CVSS4.1AI score0.01316EPSS
CVE
CVE
added 2020/04/17 1:25 p.m.46 views

CVE-2019-4446

IBM Maximo Asset Management 7.6.x is affected by CVE-2019-4446 through insecure permissions that allow an authenticated user to perform actions by modifying request parameters. Affected core Product versions: 7.6.0, 7.6.1, and 7.6.1.1 (including related Industry Solutions and IBM Control Desk com...

5.5CVSS5.2AI score0.00781EPSS
CVE
CVE
added 2017/02/08 10:0 p.m.43 views

CVE-2016-5902

CVE-2016-5902 affects IBM Maximo Asset Management. The IBM bulletin documents a cross-site scripting flaw in the Web UI that can lead to credential disclosure within a trusted session. Affected core versions: 7.6, 7.5, 7.1 (with various Industry Solutions/SmartCloud components on these cores). Ro...

6.1CVSS5.9AI score0.00873EPSS