29 matches found
CVE-2013-3323
Summary: CVE-2013-3323 describes a privilege escalation in IBM Maximo Asset Management (versions 7.5, 7.1, and 6.2) when WebSeal with Basic Authentication is used. The root cause is a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. Th...
CVE-2014-6102
CVE-2014-6102 affects IBM Maximo Asset Management and related products, where improper logout handling allows a local user to bypass Cognos BI Direct Integration access controls via an unattended workstation. Affected versions include Maximo Asset Management 7.1–7.1.1.13 and 7.5.0 up to 7.5.0.6 (...
CVE-2015-0107
CVE-2015-0107 is a directory traversal vulnerability in IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database (7.2, 7.1) and Maximo Asset Management and Maximo Industry Solutions (7.1–7.1.1.8, 7.2; 7.5 before 7.5.0.7 IFIX003; 7.6 befor...
CVE-2015-0104
CVE-2015-0104 affects IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database (7.2, 7.1) and Maximo Asset Management/Maximo Industry Solutions (7.1–7.1.1.8, 7.5 before 7.5.0.7 IFIX003, 7.6 before 7.6.0.0 IFIX002). The issue is a Remote C...
CVE-2015-7452
IBM Maximo Asset Management (versions 7.6 and 7.5, including related Maximo variants and SmartCloud Control Desk) has a vulnerability that could allow remote authenticated users to obtain sensitive information via the REST API. The issue is documented with CVSS v3 base score 4.3 (LOW). Affected p...
CVE-2014-0914
CVE-2014-0914 is an IBM Maximo XSS vulnerability affecting multiple Maximo products and versions (e.g., Maximo Asset Management 7.5 and 6.2; Essentials, Government, Nuclear Power, Transportation, Life Sciences, Oil and Gas, Utilities; Tivoli Asset Management for IT; SmartCloud Control Desk; Maxim...
CVE-2015-5051
CVE-2015-5051 affects IBM Maximo Asset Management and SmartCloud Control Desk, where an authenticated remote user can bypass access controls to view query results, as described by IBM/NVD entries. Affected: Maximo Asset Management 7.6 and 7.5 (with specific IFs: 7.6.0.2 IF1; 7.5.0.8 IF6; also 7.5...
CVE-2015-4966
CVE-2015-4966 affects IBM Maximo Asset Management core products (versions 7.1, 7.5, 7.6 and associated SmartCloud Control Desk/Tivoli IT Asset Management for IT, etc.). The flaw is a default administrator account that could allow remote authenticated users to gain administrative access via unspec...
CVE-2015-7448
CVE-2015-7448 is a SQL injection vulnerability affecting IBM Maximo Asset Management (and related Tivoli/SmartCloud Control Desk components) where remote authenticated users can cause arbitrary SQL execution via unspecified vectors. Affected products/versions include Maximo Asset Management 7.1–7...
CVE-2015-7487
CVE-2015-7487 affects IBM Maximo Asset Management and related Tivoli products. The vulnerability allows a local attacker with administrative privileges to read log files and obtain sensitive information, due to improper handling of logs in several Maximo/Tivoli components (Maximo Asset Management...
CVE-2015-4944
CVE-2015-4944 is an XSS vulnerability in IBM Maximo Asset Management and related IBM products (including SmartCloud Control Desk, Tivoli IT Asset Management for IT, and others built on affected core versions). The root cause is improper validation of user input, allowing remote authenticated atta...
CVE-2015-4967
IBM Maximo Asset Management is affected by CVE-2015-4967, a SQL injection vulnerability. A remote attacker could send specially-crafted SQL statements to view, add, modify, or delete data in the back-end database. Affected products and versions include Maximo Asset Management (7.6, 7.5, 7.1), Max...
CVE-2014-6194
CVE-2014-6194 describes a directory traversal vulnerability in IBM Maximo Asset Management and related products that allows remote authenticated users to read arbitrary files via a ".." in a pathname. Affected are IBM Maximo Asset Management 7.1–7.1.1.13; 7.5.0 before 7.5.0.6 IFIX007; Maximo Asse...
CVE-2015-1934
CVE-2015-1934 affects IBM Maximo Asset Management and related products. The root issue is weak encryption of passwords, allowing context-dependent attackers with access to a password file to obtain cleartext passwords. Affected versions include Maximo Asset Management 7.1–7.1.1.13, 7.5.x before 7...
CVE-2014-0915
CVE-2014-0915 affects IBM Maximo and related products (Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government/Nuclear Power/Transportation/Life Sciences/Oil & Gas/Utilities, Tivoli IT, Tivoli Service Request Manager, Maximo Service Desk, CMDB, SmartCloud Control Desk) ...
CVE-2015-7396
CVE-2015-7396 affects IBM Maximo Asset Management (and related solutions) including Maximo Asset Management 7.6 and 7.5, Maximo Asset Management Essentials, several Industry Solutions, and SmartCloud Control Desk. The issue lies in the Scheduler functionality, which could allow an authenticated r...
CVE-2015-0109
CVE-2015-0109 is a Cross-site Scripting (XSS) vulnerability affecting IBM Tivoli/TAM products (Maximo Asset Management, Tivoli IT Asset Management for IT, Tivoli Service Request Manager, etc.) across multiple versions (7.1–7.6, including various 7.1.1.x and 7.2 lines). The flaw allows remote auth...
CVE-2015-5017
The CVE-2015-5017 issue affects IBM Maximo Asset Management family (including Maximo Asset Management 7.6, 7.5, 7.1; Essentials; and related products like SmartCloud Control Desk and Tivoli IT Asset Management for IT). It allows remote authenticated users to bypass access controls by signing in w...
CVE-2016-0222
IBM Maximo Asset Management 7.6 is affected by CVE-2016-0222; versions prior to 7.6.0.3 IFIX001 allow an authenticated remote user to bypass access controls and read arbitrary purchase-order work logs via unspecified vectors. The IBM advisory recommends applying the corresponding Fix Central inte...
CVE-2015-4965
Summary: CVE-2015-4965 is a misconfiguration in IBM Maximo Asset Management and related products that could allow an authenticated user to view backup and debug application files, potentially exposing sensitive information. Affected products (per bulletins): Maximo Asset Management 7.6, 7.5, 7.1;...
CVE-2014-4765
CVE-2014-4765 affects IBM Maximo Asset Management and related IBM products (e.g., SmartCloud Control Desk, Tivoli IT Asset Management for IT, and related Maximo variants) with an information-disclosure flaw that lets remote attackers read an error message to obtain sensitive directory information...
CVE-2015-1933
CVE-2015-1933 affects IBM Maximo Asset Management and related products; the root cause is that the password input field autocomplete attribute is not set to false, enabling local attackers to obtain account information via an unattended workstation. Affected versions include Maximo Asset Manageme...
CVE-2015-5016
CVE-2015-5016 affects IBM Maximo Asset Management family (7.6/7.5/7.1), Maximo Asset Management Essentials (7.5/7.1), plus related IBM products (Control Desk 7.5/7.6; Tivoli Asset Management for IT 7.1/7.2; others). The issue allows a remote authenticated user to bypass access restrictions and re...
CVE-2015-0108
CVE-2015-0108 is a cross-site scripting (XSS) vulnerability affecting IBM Tivoli IT Asset Management for IT and related IBM Maximo assets (7.1–7.1.1.8, 7.2). The issue allows remote authenticated users to inject arbitrary web script/HTML via unspecified vectors due to insecure handling in the aff...
CVE-2015-7395
CVE-2015-7395 affects IBM Maximo Asset Management and related IBM products (SmartCloud Control Desk, Tivoli IT Asset Management for IT, Service Request Manager, CRM/DB components). The issue allows a remote authenticated user to bypass work-order change restrictions due to improper access control...
CVE-2013-5402
CVE-2013-5402 is a Cross-Site Scripting (XSS) vulnerability affecting IBM Maximo Asset Management and related IBM products (Asset Management Essentials, Government, Nuclear Power, Transportation, Life Sciences, Oil and Gas, Utilities; SmartCloud Control Desk; Tivoli Asset Management for IT; Tivol...
CVE-2014-3025
CVE-2014-3025 is a cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and related IBM/Tivoli products. It affects multiple versions (Maximo AM 6.2–6.2.8, 7.1–7.1.1.2, 7.5–7.5.0.6; and SmartCloud Control Desk; Tivoli Asset Management for IT, Tivoli Service Request Manager, Max...
CVE-2015-7451
CVE-2015-7451 is an XSS vulnerability in IBM Maximo Asset Management (and related SmartCloud Control Desk) caused by improper validation of user-supplied input. The issue affects multiple Maximo versions (7.5/7.6 and various fixes) and can be triggered by a crafted URL to execute script in a vict...
CVE-2016-5902
CVE-2016-5902 affects IBM Maximo Asset Management. The IBM bulletin documents a cross-site scripting flaw in the Web UI that can lead to credential disclosure within a trusted session. Affected core versions: 7.6, 7.5, 7.1 (with various Industry Solutions/SmartCloud components on these cores). Ro...