Lucene search

K
IbmMaximo For Life Sciences7.6

22 matches found

CVE
CVE
added 2019/06/06 1:29 a.m.76 views

CVE-2019-4048

IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.

2.1CVSS3.1AI score0.00079EPSS
CVE
CVE
added 2019/06/06 1:29 a.m.63 views

CVE-2019-4056

IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.

4.3CVSS4.5AI score0.00214EPSS
CVE
CVE
added 2019/06/19 2:15 p.m.63 views

CVE-2019-4364

IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680.

8.5CVSS7.6AI score0.01296EPSS
CVE
CVE
added 2019/06/19 2:15 p.m.62 views

CVE-2019-4303

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949.

5.4CVSS5.2AI score0.00229EPSS
CVE
CVE
added 2019/06/06 1:29 a.m.59 views

CVE-2018-2028

IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.

6.5CVSS6AI score0.00087EPSS
CVE
CVE
added 2019/10/24 12:15 p.m.53 views

CVE-2019-4486

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.

5.4CVSS5.2AI score0.00211EPSS
CVE
CVE
added 2016/01/02 9:59 p.m.45 views

CVE-2015-7396

The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensi...

5.5CVSS5AI score0.00133EPSS
CVE
CVE
added 2020/02/24 4:15 p.m.45 views

CVE-2019-4745

IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. IBM X-Force ID: 172883.

4.3CVSS4.1AI score0.00179EPSS
CVE
CVE
added 2020/04/17 2:15 p.m.45 views

CVE-2019-4749

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308.

5.4CVSS5.2AI score0.00158EPSS
CVE
CVE
added 2016/01/03 5:59 a.m.44 views

CVE-2015-5051

IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified ve...

4.3CVSS4.3AI score0.00137EPSS
CVE
CVE
added 2020/09/16 4:15 p.m.42 views

CVE-2020-4409

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would ap...

8.2CVSS7.6AI score0.00162EPSS
CVE
CVE
added 2020/04/17 2:15 p.m.41 views

CVE-2019-4644

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880.

6.1CVSS5.8AI score0.00166EPSS
CVE
CVE
added 2016/03/12 3:59 p.m.40 views

CVE-2015-7448

SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1...

6.5CVSS6AI score0.00126EPSS
CVE
CVE
added 2017/02/01 8:59 p.m.40 views

CVE-2016-5896

IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser.

5.3CVSS5AI score0.00187EPSS
CVE
CVE
added 2019/10/09 4:15 p.m.40 views

CVE-2019-4512

IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.

4.3CVSS4.2AI score0.00119EPSS
CVE
CVE
added 2016/01/03 5:59 a.m.39 views

CVE-2015-5017

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for T...

5.5CVSS5.2AI score0.00105EPSS
CVE
CVE
added 2020/02/19 4:15 p.m.39 views

CVE-2019-4429

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886...

5.4CVSS5.2AI score0.00239EPSS
CVE
CVE
added 2018/03/27 5:29 p.m.38 views

CVE-2015-5016

IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket workl...

4.3CVSS4.2AI score0.00105EPSS
CVE
CVE
added 2016/01/02 9:59 p.m.38 views

CVE-2015-7452

IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API.

4.3CVSS4.2AI score0.00155EPSS
CVE
CVE
added 2016/01/02 5:59 a.m.37 views

CVE-2015-7451

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web scrip...

5.4CVSS5AI score0.00168EPSS
CVE
CVE
added 2020/04/17 2:15 p.m.35 views

CVE-2019-4446

IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490.

5.5CVSS5.2AI score0.00116EPSS
CVE
CVE
added 2017/02/08 10:59 p.m.34 views

CVE-2016-5902

IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

6.1CVSS5.9AI score0.00317EPSS