Lucene search

K
IbmMaximo For Utilities

45 matches found

CVE
CVE
added 2019/06/06 1:29 a.m.76 views

CVE-2019-4048

IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.

2.1CVSS3.1AI score0.00079EPSS
CVE
CVE
added 2019/06/06 1:29 a.m.63 views

CVE-2019-4056

IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.

4.3CVSS4.5AI score0.00214EPSS
CVE
CVE
added 2019/06/19 2:15 p.m.63 views

CVE-2019-4364

IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680.

8.5CVSS7.6AI score0.01296EPSS
CVE
CVE
added 2019/06/19 2:15 p.m.62 views

CVE-2019-4303

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949.

5.4CVSS5.2AI score0.00229EPSS
CVE
CVE
added 2019/06/06 1:29 a.m.59 views

CVE-2018-2028

IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.

6.5CVSS6AI score0.00087EPSS
CVE
CVE
added 2019/10/24 12:15 p.m.53 views

CVE-2019-4486

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.

5.4CVSS5.2AI score0.00211EPSS
CVE
CVE
added 2017/04/24 6:59 a.m.49 views

CVE-2015-0104

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote ...

8.8CVSS8.6AI score0.02037EPSS
CVE
CVE
added 2020/02/18 5:15 p.m.48 views

CVE-2013-3323

A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.

9.8CVSS9.2AI score0.00534EPSS
CVE
CVE
added 2015/02/17 1:59 a.m.45 views

CVE-2014-6102

IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other pr...

2.1CVSS6.8AI score0.00125EPSS
CVE
CVE
added 2015/10/06 1:59 a.m.45 views

CVE-2015-4967

SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through...

6.5CVSS7.9AI score0.00277EPSS
CVE
CVE
added 2016/01/02 9:59 p.m.45 views

CVE-2015-7396

The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensi...

5.5CVSS5AI score0.00133EPSS
CVE
CVE
added 2020/02/24 4:15 p.m.45 views

CVE-2019-4745

IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. IBM X-Force ID: 172883.

4.3CVSS4.1AI score0.00179EPSS
CVE
CVE
added 2020/04/17 2:15 p.m.45 views

CVE-2019-4749

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308.

5.4CVSS5.2AI score0.00158EPSS
CVE
CVE
added 2017/04/24 6:59 a.m.44 views

CVE-2015-0107

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote ...

6.5CVSS6.6AI score0.07172EPSS
CVE
CVE
added 2015/10/06 1:59 a.m.44 views

CVE-2015-4944

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Managemen...

3.5CVSS5.3AI score0.00166EPSS
CVE
CVE
added 2015/11/08 10:59 p.m.44 views

CVE-2015-4966

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivol...

6.5CVSS8AI score0.00349EPSS
CVE
CVE
added 2016/01/03 5:59 a.m.44 views

CVE-2015-5051

IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified ve...

4.3CVSS4.3AI score0.00137EPSS
CVE
CVE
added 2014/07/30 11:15 a.m.43 views

CVE-2014-0914

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management ...

3.5CVSS5.4AI score0.00301EPSS
CVE
CVE
added 2015/02/17 1:59 a.m.43 views

CVE-2014-6194

Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 an...

4CVSS6.3AI score0.00584EPSS
CVE
CVE
added 2014/07/30 11:15 a.m.42 views

CVE-2014-0915

Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2....

3.5CVSS5.4AI score0.00301EPSS
CVE
CVE
added 2016/03/14 1:59 a.m.42 views

CVE-2016-0222

IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors.

4.3CVSS4.2AI score0.00108EPSS
CVE
CVE
added 2020/09/16 4:15 p.m.42 views

CVE-2020-4409

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would ap...

8.2CVSS7.6AI score0.00162EPSS
CVE
CVE
added 2015/02/18 2:59 a.m.41 views

CVE-2015-0109

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspeci...

3.5CVSS6.3AI score0.07172EPSS
CVE
CVE
added 2015/10/04 2:59 a.m.41 views

CVE-2015-1934

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT...

5CVSS6.6AI score0.00236EPSS
CVE
CVE
added 2015/10/06 1:59 a.m.41 views

CVE-2015-4965

maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset...

4CVSS5.8AI score0.00146EPSS
CVE
CVE
added 2016/01/27 5:59 a.m.41 views

CVE-2015-7487

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for T...

4.9CVSS4.1AI score0.00052EPSS
CVE
CVE
added 2020/04/17 2:15 p.m.41 views

CVE-2019-4644

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880.

6.1CVSS5.8AI score0.00166EPSS
CVE
CVE
added 2016/03/12 3:59 p.m.40 views

CVE-2015-7448

SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1...

6.5CVSS6AI score0.00126EPSS
CVE
CVE
added 2019/10/09 4:15 p.m.40 views

CVE-2019-4512

IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.

4.3CVSS4.2AI score0.00119EPSS
CVE
CVE
added 2015/02/18 2:59 a.m.39 views

CVE-2015-0108

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspeci...

4.3CVSS6.3AI score0.07172EPSS
CVE
CVE
added 2016/01/03 5:59 a.m.39 views

CVE-2015-5017

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for T...

5.5CVSS5.2AI score0.00105EPSS
CVE
CVE
added 2017/02/01 8:59 p.m.39 views

CVE-2016-6072

IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5.4CVSS5.2AI score0.00227EPSS
CVE
CVE
added 2020/02/19 4:15 p.m.39 views

CVE-2019-4429

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886...

5.4CVSS5.2AI score0.00239EPSS
CVE
CVE
added 2014/10/02 12:55 a.m.38 views

CVE-2014-4765

IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attack...

5CVSS6.4AI score0.00225EPSS
CVE
CVE
added 2015/10/04 2:59 a.m.38 views

CVE-2015-1933

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT...

2.1CVSS6.8AI score0.00079EPSS
CVE
CVE
added 2018/03/27 5:29 p.m.38 views

CVE-2015-5016

IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket workl...

4.3CVSS4.2AI score0.00105EPSS
CVE
CVE
added 2016/01/02 9:59 p.m.38 views

CVE-2015-7452

IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API.

4.3CVSS4.2AI score0.00155EPSS
CVE
CVE
added 2018/08/03 3:29 p.m.38 views

CVE-2018-1524

IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116.

9CVSS8.5AI score0.00393EPSS
CVE
CVE
added 2016/01/02 5:59 a.m.37 views

CVE-2015-7451

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web scrip...

5.4CVSS5AI score0.00168EPSS
CVE
CVE
added 2015/11/08 3:59 a.m.36 views

CVE-2015-7395

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivol...

4CVSS6.2AI score0.00111EPSS
CVE
CVE
added 2018/08/06 2:29 p.m.36 views

CVE-2018-1528

IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290.

4.3CVSS4.1AI score0.00163EPSS
CVE
CVE
added 2013/12/18 4:4 p.m.35 views

CVE-2013-5402

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 befo...

3.5CVSS5.4AI score0.0018EPSS
CVE
CVE
added 2014/07/30 11:15 a.m.35 views

CVE-2014-3025

Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2....

3.5CVSS5.5AI score0.00208EPSS
CVE
CVE
added 2020/04/17 2:15 p.m.35 views

CVE-2019-4446

IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490.

5.5CVSS5.2AI score0.00116EPSS
CVE
CVE
added 2017/02/08 10:59 p.m.34 views

CVE-2016-5902

IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

6.1CVSS5.9AI score0.00317EPSS