4 matches found
CVE-2021-20445
CVE-2021-20445 affects IBM Maximo for Civil Infrastructure 7.6.2. The vulnerability stems from insecure storage of authentication credentials, potentially allowing a user to obtain sensitive information. The issue is documented across multiple sources (NVD entry for the CVE and IBM bulletin) and ...
CVE-2021-20446
CVE-2021-20446 affects IBM Maximo for Civil Infrastructure 7.6.2. It is a cross-site scripting vulnerability in the Web UI that can cause arbitrary JavaScript execution and potentially credentials disclosure within a trusted session. Mitigation: apply the Fix Pack 7.6.2.1 (interim fix) or equival...
CVE-2021-20443
CVE-2021-20443 affects IBM Maximo for Civil Infrastructure 7.6.2. The issue arises from including executable functionality (such as a library) from sources outside the intended control sphere, enabling potential untrusted code execution by a component shipped with the product (Maximo Data Loader)...
CVE-2021-20444
IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting via the Web UI, potentially allowing an attacker to embed arbitrary JavaScript and disclose credentials within a trusted session. The vulnerability is documented across multiple sources (CVE-2021-20444, CNVD-2021-1105...