10 matches found
CVE-2015-7448
CVE-2015-7448 is a SQL injection vulnerability affecting IBM Maximo Asset Management (and related Tivoli/SmartCloud Control Desk components) where remote authenticated users can cause arbitrary SQL execution via unspecified vectors. Affected products/versions include Maximo Asset Management 7.1–7...
CVE-2015-7487
CVE-2015-7487 affects IBM Maximo Asset Management and related Tivoli products. The vulnerability allows a local attacker with administrative privileges to read log files and obtain sensitive information, due to improper handling of logs in several Maximo/Tivoli components (Maximo Asset Management...
CVE-2015-4944
CVE-2015-4944 is an XSS vulnerability in IBM Maximo Asset Management and related IBM products (including SmartCloud Control Desk, Tivoli IT Asset Management for IT, and others built on affected core versions). The root cause is improper validation of user input, allowing remote authenticated atta...
CVE-2015-4967
IBM Maximo Asset Management is affected by CVE-2015-4967, a SQL injection vulnerability. A remote attacker could send specially-crafted SQL statements to view, add, modify, or delete data in the back-end database. Affected products and versions include Maximo Asset Management (7.6, 7.5, 7.1), Max...
CVE-2015-1934
CVE-2015-1934 affects IBM Maximo Asset Management and related products. The root issue is weak encryption of passwords, allowing context-dependent attackers with access to a password file to obtain cleartext passwords. Affected versions include Maximo Asset Management 7.1–7.1.1.13, 7.5.x before 7...
CVE-2015-5017
The CVE-2015-5017 issue affects IBM Maximo Asset Management family (including Maximo Asset Management 7.6, 7.5, 7.1; Essentials; and related products like SmartCloud Control Desk and Tivoli IT Asset Management for IT). It allows remote authenticated users to bypass access controls by signing in w...
CVE-2015-4965
Summary: CVE-2015-4965 is a misconfiguration in IBM Maximo Asset Management and related products that could allow an authenticated user to view backup and debug application files, potentially exposing sensitive information. Affected products (per bulletins): Maximo Asset Management 7.6, 7.5, 7.1;...
CVE-2015-1933
CVE-2015-1933 affects IBM Maximo Asset Management and related products; the root cause is that the password input field autocomplete attribute is not set to false, enabling local attackers to obtain account information via an unattended workstation. Affected versions include Maximo Asset Manageme...
CVE-2015-5016
CVE-2015-5016 affects IBM Maximo Asset Management family (7.6/7.5/7.1), Maximo Asset Management Essentials (7.5/7.1), plus related IBM products (Control Desk 7.5/7.6; Tivoli Asset Management for IT 7.1/7.2; others). The issue allows a remote authenticated user to bypass access restrictions and re...
CVE-2016-5902
CVE-2016-5902 affects IBM Maximo Asset Management. The IBM bulletin documents a cross-site scripting flaw in the Web UI that can lead to credential disclosure within a trusted session. Affected core versions: 7.6, 7.5, 7.1 (with various Industry Solutions/SmartCloud components on these cores). Ro...