Lucene search
K
IbmMaximo For Utilities

45 matches found

CVE
CVE
added 2019/06/06 12:35 a.m.87 views

CVE-2019-4048

CVE-2019-4048 affects IBM Maximo Asset Management 7.6. The vulnerability allows a physical user to obtain sensitive information from a previous user on the same machine (a back-and-refresh-type information disclosure). Affected core product: Maximo Asset Management 7.6 (and related Industry Solut...

2.1CVSS3.1AI score0.00307EPSS
CVE
CVE
added 2019/06/06 12:35 a.m.76 views

CVE-2019-4056

IBM Maximo Asset Management 7.6 Work Centers' application lacks file type validation during upload, enabling upload of malicious files. Affected product: IBM Maximo Asset Management (core 7.6, with Industry Solutions and IBM Control Desk on top). Root cause: the upload workflow does not validate ...

4.3CVSS4.5AI score0.00863EPSS
CVE
CVE
added 2019/06/19 1:30 p.m.72 views

CVE-2019-4303

IBM Maximo Asset Management 7.6 is affected by a cross-site scripting vulnerability (CVE-2019-4303) that allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Affected products/versions include Maximo Asset Management core 7.6...

5.4CVSS5.2AI score0.00987EPSS
CVE
CVE
added 2019/06/19 1:30 p.m.72 views

CVE-2019-4364

CVE-2019-4364 affects IBM Maximo Asset Management core product 7.6. The vulnerability is CSV injection that could allow a remote authenticated attacker to execute arbitrary commands on the system. Remediation is provided by IBM Fix Central; affected 7.6 versions include 7.6.1.1 FP, 7.6.0.10 iFix,...

8.5CVSS7.6AI score0.02615EPSS
CVE
CVE
added 2019/06/06 12:35 a.m.70 views

CVE-2018-2028

CVE-2018-2028 affects IBM Maximo Asset Management 7.6. An authenticated user could replace a target page with a phishing site, potentially exposing highly sensitive information (confidentiality impact). The IBM bulletin lists affected core: Maximo Asset Management 7.6 (and related Industry Soluti...

6.5CVSS6AI score0.00784EPSS
CVE
CVE
added 2019/10/24 12:0 p.m.68 views

CVE-2019-4486

CVE-2019-4486 affects IBM Maximo Asset Management 7.6. The vulnerability is a cross-site scripting flaw that allows embedding arbitrary JavaScript in the Web UI, potentially leading to credential disclosure within a trusted session. Affected core version: Maximo Asset Management 7.6, with likely ...

5.4CVSS5.2AI score0.00673EPSS
CVE
CVE
added 2020/02/18 4:3 p.m.64 views

CVE-2013-3323

Summary: CVE-2013-3323 describes a privilege escalation in IBM Maximo Asset Management (versions 7.5, 7.1, and 6.2) when WebSeal with Basic Authentication is used. The root cause is a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. Th...

9.8CVSS9.2AI score0.02868EPSS
CVE
CVE
added 2015/02/17 1:0 a.m.63 views

CVE-2014-6102

CVE-2014-6102 affects IBM Maximo Asset Management and related products, where improper logout handling allows a local user to bypass Cognos BI Direct Integration access controls via an unattended workstation. Affected versions include Maximo Asset Management 7.1–7.1.1.13 and 7.5.0 up to 7.5.0.6 (...

2.1CVSS6.8AI score0.00486EPSS
CVE
CVE
added 2017/04/24 6:12 a.m.63 views

CVE-2015-0107

CVE-2015-0107 is a directory traversal vulnerability in IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database (7.2, 7.1) and Maximo Asset Management and Maximo Industry Solutions (7.1–7.1.1.8, 7.2; 7.5 before 7.5.0.7 IFIX003; 7.6 befor...

6.5CVSS6.6AI score0.05956EPSS
CVE
CVE
added 2017/04/24 6:12 a.m.61 views

CVE-2015-0104

CVE-2015-0104 affects IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database (7.2, 7.1) and Maximo Asset Management/Maximo Industry Solutions (7.1–7.1.1.8, 7.5 before 7.5.0.7 IFIX003, 7.6 before 7.6.0.0 IFIX002). The issue is a Remote C...

8.8CVSS8.6AI score0.06849EPSS
CVE
CVE
added 2016/01/02 9:0 p.m.60 views

CVE-2015-7452

IBM Maximo Asset Management (versions 7.6 and 7.5, including related Maximo variants and SmartCloud Control Desk) has a vulnerability that could allow remote authenticated users to obtain sensitive information via the REST API. The issue is documented with CVSS v3 base score 4.3 (LOW). Affected p...

4.3CVSS4.2AI score0.00888EPSS
CVE
CVE
added 2020/04/17 1:25 p.m.60 views

CVE-2019-4749

CVE-2019-4749 denotes a cross-site scripting vulnerability in IBM Maximo Asset Management 7.6, allowing arbitrary JavaScript in the Web UI and potentially exposing credentials in a trusted session. IBM’s bulletin identifies affected core versions, notably 7.6.1.1, and directs remediation via inte...

5.4CVSS5.2AI score0.00673EPSS
CVE
CVE
added 2014/07/30 10:0 a.m.59 views

CVE-2014-0914

CVE-2014-0914 is an IBM Maximo XSS vulnerability affecting multiple Maximo products and versions (e.g., Maximo Asset Management 7.5 and 6.2; Essentials, Government, Nuclear Power, Transportation, Life Sciences, Oil and Gas, Utilities; Tivoli Asset Management for IT; SmartCloud Control Desk; Maxim...

3.5CVSS5.4AI score0.0107EPSS
CVE
CVE
added 2016/01/03 2:0 a.m.59 views

CVE-2015-5051

CVE-2015-5051 affects IBM Maximo Asset Management and SmartCloud Control Desk, where an authenticated remote user can bypass access controls to view query results, as described by IBM/NVD entries. Affected: Maximo Asset Management 7.6 and 7.5 (with specific IFs: 7.6.0.2 IF1; 7.5.0.8 IF6; also 7.5...

4.3CVSS4.3AI score0.00935EPSS
CVE
CVE
added 2015/11/08 10:0 p.m.58 views

CVE-2015-4966

CVE-2015-4966 affects IBM Maximo Asset Management core products (versions 7.1, 7.5, 7.6 and associated SmartCloud Control Desk/Tivoli IT Asset Management for IT, etc.). The flaw is a default administrator account that could allow remote authenticated users to gain administrative access via unspec...

6.5CVSS8AI score0.01527EPSS
CVE
CVE
added 2016/03/12 3:0 p.m.58 views

CVE-2015-7448

CVE-2015-7448 is a SQL injection vulnerability affecting IBM Maximo Asset Management (and related Tivoli/SmartCloud Control Desk components) where remote authenticated users can cause arbitrary SQL execution via unspecified vectors. Affected products/versions include Maximo Asset Management 7.1–7...

6.5CVSS6AI score0.00707EPSS
CVE
CVE
added 2016/01/27 2:0 a.m.58 views

CVE-2015-7487

CVE-2015-7487 affects IBM Maximo Asset Management and related Tivoli products. The vulnerability allows a local attacker with administrative privileges to read log files and obtain sensitive information, due to improper handling of logs in several Maximo/Tivoli components (Maximo Asset Management...

4.9CVSS4.1AI score0.00284EPSS
CVE
CVE
added 2015/10/05 10:0 a.m.56 views

CVE-2015-4944

CVE-2015-4944 is an XSS vulnerability in IBM Maximo Asset Management and related IBM products (including SmartCloud Control Desk, Tivoli IT Asset Management for IT, and others built on affected core versions). The root cause is improper validation of user input, allowing remote authenticated atta...

3.5CVSS5.3AI score0.00783EPSS
CVE
CVE
added 2015/10/05 10:0 a.m.56 views

CVE-2015-4967

IBM Maximo Asset Management is affected by CVE-2015-4967, a SQL injection vulnerability. A remote attacker could send specially-crafted SQL statements to view, add, modify, or delete data in the back-end database. Affected products and versions include Maximo Asset Management (7.6, 7.5, 7.1), Max...

6.5CVSS7.9AI score0.00991EPSS
CVE
CVE
added 2015/02/17 1:0 a.m.55 views

CVE-2014-6194

CVE-2014-6194 describes a directory traversal vulnerability in IBM Maximo Asset Management and related products that allows remote authenticated users to read arbitrary files via a ".." in a pathname. Affected are IBM Maximo Asset Management 7.1–7.1.1.13; 7.5.0 before 7.5.0.6 IFIX007; Maximo Asse...

4CVSS6.3AI score0.01441EPSS
CVE
CVE
added 2015/10/04 1:0 a.m.55 views

CVE-2015-1934

CVE-2015-1934 affects IBM Maximo Asset Management and related products. The root issue is weak encryption of passwords, allowing context-dependent attackers with access to a password file to obtain cleartext passwords. Affected versions include Maximo Asset Management 7.1–7.1.1.13, 7.5.x before 7...

5CVSS6.6AI score0.00993EPSS
CVE
CVE
added 2020/02/24 3:35 p.m.55 views

CVE-2019-4745

CVE-2019-4745 affects IBM Maximo Asset Management core 7.6.1.0. Root cause: path information disclosure in the URL leading to potential sensitive data exposure to an authenticated user. CVSS base score 4.3 (MEDIUM). Remediation: apply fixes for 7.6.1.0 (e.g., 7.6.1.0 iFix015 or latest Interim Fix...

4.3CVSS4.1AI score0.00871EPSS
CVE
CVE
added 2020/09/16 3:55 p.m.55 views

CVE-2020-4409

The CVE-2020-4409 issue affects IBM Maximo Asset Management core product versions 7.6.0 and 7.6.1, where a remote attacker could conduct phishing via a tabnabbing attack by steering a user to a crafted site and then redirecting to a trusted-appearing malicious page. Root cause is a reverse tabnab...

8.2CVSS7.6AI score0.00893EPSS
CVE
CVE
added 2014/07/30 10:0 a.m.54 views

CVE-2014-0915

CVE-2014-0915 affects IBM Maximo and related products (Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government/Nuclear Power/Transportation/Life Sciences/Oil & Gas/Utilities, Tivoli IT, Tivoli Service Request Manager, Maximo Service Desk, CMDB, SmartCloud Control Desk) ...

3.5CVSS5.4AI score0.01046EPSS
CVE
CVE
added 2016/01/02 9:0 p.m.54 views

CVE-2015-7396

CVE-2015-7396 affects IBM Maximo Asset Management (and related solutions) including Maximo Asset Management 7.6 and 7.5, Maximo Asset Management Essentials, several Industry Solutions, and SmartCloud Control Desk. The issue lies in the Scheduler functionality, which could allow an authenticated r...

5.5CVSS5AI score0.00791EPSS
CVE
CVE
added 2019/10/09 3:0 p.m.54 views

CVE-2019-4512

CVE-2019-4512 affects IBM Maximo Asset Management 7.6.1.1. The vulnerability arises from an error message that leaks sensitive information, enabling information disclosure. The IBM Security Bulletin lists affected products (core Maximo Asset Management 7.6.1.1 and related Industry Solutions/Contr...

4.3CVSS4.2AI score0.00994EPSS
CVE
CVE
added 2015/02/18 2:0 a.m.53 views

CVE-2015-0109

CVE-2015-0109 is a Cross-site Scripting (XSS) vulnerability affecting IBM Tivoli/TAM products (Maximo Asset Management, Tivoli IT Asset Management for IT, Tivoli Service Request Manager, etc.) across multiple versions (7.1–7.6, including various 7.1.1.x and 7.2 lines). The flaw allows remote auth...

3.5CVSS6.3AI score0.00759EPSS
CVE
CVE
added 2016/01/03 2:0 a.m.53 views

CVE-2015-5017

The CVE-2015-5017 issue affects IBM Maximo Asset Management family (including Maximo Asset Management 7.6, 7.5, 7.1; Essentials; and related products like SmartCloud Control Desk and Tivoli IT Asset Management for IT). It allows remote authenticated users to bypass access controls by signing in w...

5.5CVSS5.2AI score0.00661EPSS
CVE
CVE
added 2016/03/14 1:0 a.m.53 views

CVE-2016-0222

IBM Maximo Asset Management 7.6 is affected by CVE-2016-0222; versions prior to 7.6.0.3 IFIX001 allow an authenticated remote user to bypass access controls and read arbitrary purchase-order work logs via unspecified vectors. The IBM advisory recommends applying the corresponding Fix Central inte...

4.3CVSS4.2AI score0.00782EPSS
CVE
CVE
added 2020/04/17 1:25 p.m.53 views

CVE-2019-4644

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting in the Web UI, allowing injection of arbitrary JavaScript and potentially credential disclosure within a trusted session. Affected core versions include 7.6.0.10, 7.6.1.0, and 7.6.1.1 (with related industry solutions). IBM’s ad...

6.1CVSS5.8AI score0.00872EPSS
CVE
CVE
added 2015/10/05 10:0 a.m.52 views

CVE-2015-4965

Summary: CVE-2015-4965 is a misconfiguration in IBM Maximo Asset Management and related products that could allow an authenticated user to view backup and debug application files, potentially exposing sensitive information. Affected products (per bulletins): Maximo Asset Management 7.6, 7.5, 7.1;...

4CVSS5.8AI score0.00966EPSS
CVE
CVE
added 2014/10/02 12:0 a.m.51 views

CVE-2014-4765

CVE-2014-4765 affects IBM Maximo Asset Management and related IBM products (e.g., SmartCloud Control Desk, Tivoli IT Asset Management for IT, and related Maximo variants) with an information-disclosure flaw that lets remote attackers read an error message to obtain sensitive directory information...

5CVSS6.4AI score0.01173EPSS
CVE
CVE
added 2015/10/04 1:0 a.m.51 views

CVE-2015-1933

CVE-2015-1933 affects IBM Maximo Asset Management and related products; the root cause is that the password input field autocomplete attribute is not set to false, enabling local attackers to obtain account information via an unattended workstation. Affected versions include Maximo Asset Manageme...

2.1CVSS6.8AI score0.00444EPSS
CVE
CVE
added 2018/03/27 5:0 p.m.51 views

CVE-2015-5016

CVE-2015-5016 affects IBM Maximo Asset Management family (7.6/7.5/7.1), Maximo Asset Management Essentials (7.5/7.1), plus related IBM products (Control Desk 7.5/7.6; Tivoli Asset Management for IT 7.1/7.2; others). The issue allows a remote authenticated user to bypass access restrictions and re...

4.3CVSS4.2AI score0.00993EPSS
CVE
CVE
added 2017/02/01 8:0 p.m.51 views

CVE-2016-6072

CVE-2016-6072 affects IBM Maximo Asset Management core product (version 7.6) and related IBM Maximo Industry Solutions/Control Desk products when installed on affected cores. The vulnerability is a cross-site scripting flaw in the Web UI that lets an attacker embed arbitrary JavaScript, potential...

5.4CVSS5.2AI score0.00538EPSS
CVE
CVE
added 2018/08/03 3:0 p.m.51 views

CVE-2018-1524

CVE-2018-1524 affects IBM Maximo Asset Management 7.6 through 7.6.3, where installation includes a default administrator account that could be exploited by a remote attacker to gain administrator access. This issue stems from an incomplete fix for CVE-2015-4966. IBM's related advisories indicate ...

9CVSS8.5AI score0.01873EPSS
CVE
CVE
added 2020/02/19 3:15 p.m.51 views

CVE-2019-4429

CVE-2019-4429 affects IBM Maximo Asset Management core product versions 7.6.0 and 7.6.1. The issue is a cross-site scripting vulnerability in the Web UI, allowing an attacker to embed arbitrary JavaScript code that could alter functionality and potentially disclose credentials within a trusted se...

5.4CVSS5.2AI score0.00561EPSS
CVE
CVE
added 2015/02/18 2:0 a.m.50 views

CVE-2015-0108

CVE-2015-0108 is a cross-site scripting (XSS) vulnerability affecting IBM Tivoli IT Asset Management for IT and related IBM Maximo assets (7.1–7.1.1.8, 7.2). The issue allows remote authenticated users to inject arbitrary web script/HTML via unspecified vectors due to insecure handling in the aff...

4.3CVSS6.3AI score0.00931EPSS
CVE
CVE
added 2015/11/08 2:0 a.m.50 views

CVE-2015-7395

CVE-2015-7395 affects IBM Maximo Asset Management and related IBM products (SmartCloud Control Desk, Tivoli IT Asset Management for IT, Service Request Manager, CRM/DB components). The issue allows a remote authenticated user to bypass work-order change restrictions due to improper access control...

4CVSS6.2AI score0.00963EPSS
CVE
CVE
added 2013/12/18 11:0 a.m.46 views

CVE-2013-5402

CVE-2013-5402 is a Cross-Site Scripting (XSS) vulnerability affecting IBM Maximo Asset Management and related IBM products (Asset Management Essentials, Government, Nuclear Power, Transportation, Life Sciences, Oil and Gas, Utilities; SmartCloud Control Desk; Tivoli Asset Management for IT; Tivol...

3.5CVSS5.4AI score0.00946EPSS
CVE
CVE
added 2014/07/30 10:0 a.m.46 views

CVE-2014-3025

CVE-2014-3025 is a cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and related IBM/Tivoli products. It affects multiple versions (Maximo AM 6.2–6.2.8, 7.1–7.1.1.2, 7.5–7.5.0.6; and SmartCloud Control Desk; Tivoli Asset Management for IT, Tivoli Service Request Manager, Max...

3.5CVSS5.5AI score0.00946EPSS
CVE
CVE
added 2016/01/02 2:0 a.m.46 views

CVE-2015-7451

CVE-2015-7451 is an XSS vulnerability in IBM Maximo Asset Management (and related SmartCloud Control Desk) caused by improper validation of user-supplied input. The issue affects multiple Maximo versions (7.5/7.6 and various fixes) and can be triggered by a crafted URL to execute script in a vict...

5.4CVSS5AI score0.00651EPSS
CVE
CVE
added 2018/08/06 2:0 p.m.46 views

CVE-2018-1528

IBM Maximo Asset Management 7.6 (core) is affected by CVE-2018-1528, allowing an authenticated user to obtain sensitive information via the WhoAmI API, with CVSSv3 base score 4.3 (LOW to MEDIUM range depending on vector). The IBM Security Bulletin lists affected versions (7.6 and all dependent IB...

4.3CVSS4.1AI score0.01316EPSS
CVE
CVE
added 2020/04/17 1:25 p.m.46 views

CVE-2019-4446

IBM Maximo Asset Management 7.6.x is affected by CVE-2019-4446 through insecure permissions that allow an authenticated user to perform actions by modifying request parameters. Affected core Product versions: 7.6.0, 7.6.1, and 7.6.1.1 (including related Industry Solutions and IBM Control Desk com...

5.5CVSS5.2AI score0.00781EPSS
CVE
CVE
added 2017/02/08 10:0 p.m.43 views

CVE-2016-5902

CVE-2016-5902 affects IBM Maximo Asset Management. The IBM bulletin documents a cross-site scripting flaw in the Web UI that can lead to credential disclosure within a trusted session. Affected core versions: 7.6, 7.5, 7.1 (with various Industry Solutions/SmartCloud components on these cores). Ro...

6.1CVSS5.9AI score0.00873EPSS