45 matches found
CVE-2019-4048
CVE-2019-4048 affects IBM Maximo Asset Management 7.6. The vulnerability allows a physical user to obtain sensitive information from a previous user on the same machine (a back-and-refresh-type information disclosure). Affected core product: Maximo Asset Management 7.6 (and related Industry Solut...
CVE-2019-4056
IBM Maximo Asset Management 7.6 Work Centers' application lacks file type validation during upload, enabling upload of malicious files. Affected product: IBM Maximo Asset Management (core 7.6, with Industry Solutions and IBM Control Desk on top). Root cause: the upload workflow does not validate ...
CVE-2019-4303
IBM Maximo Asset Management 7.6 is affected by a cross-site scripting vulnerability (CVE-2019-4303) that allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Affected products/versions include Maximo Asset Management core 7.6...
CVE-2019-4364
CVE-2019-4364 affects IBM Maximo Asset Management core product 7.6. The vulnerability is CSV injection that could allow a remote authenticated attacker to execute arbitrary commands on the system. Remediation is provided by IBM Fix Central; affected 7.6 versions include 7.6.1.1 FP, 7.6.0.10 iFix,...
CVE-2018-2028
CVE-2018-2028 affects IBM Maximo Asset Management 7.6. An authenticated user could replace a target page with a phishing site, potentially exposing highly sensitive information (confidentiality impact). The IBM bulletin lists affected core: Maximo Asset Management 7.6 (and related Industry Soluti...
CVE-2019-4486
CVE-2019-4486 affects IBM Maximo Asset Management 7.6. The vulnerability is a cross-site scripting flaw that allows embedding arbitrary JavaScript in the Web UI, potentially leading to credential disclosure within a trusted session. Affected core version: Maximo Asset Management 7.6, with likely ...
CVE-2013-3323
Summary: CVE-2013-3323 describes a privilege escalation in IBM Maximo Asset Management (versions 7.5, 7.1, and 6.2) when WebSeal with Basic Authentication is used. The root cause is a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. Th...
CVE-2014-6102
CVE-2014-6102 affects IBM Maximo Asset Management and related products, where improper logout handling allows a local user to bypass Cognos BI Direct Integration access controls via an unattended workstation. Affected versions include Maximo Asset Management 7.1–7.1.1.13 and 7.5.0 up to 7.5.0.6 (...
CVE-2015-0107
CVE-2015-0107 is a directory traversal vulnerability in IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database (7.2, 7.1) and Maximo Asset Management and Maximo Industry Solutions (7.1–7.1.1.8, 7.2; 7.5 before 7.5.0.7 IFIX003; 7.6 befor...
CVE-2015-0104
CVE-2015-0104 affects IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Change and Configuration Management Database (7.2, 7.1) and Maximo Asset Management/Maximo Industry Solutions (7.1–7.1.1.8, 7.5 before 7.5.0.7 IFIX003, 7.6 before 7.6.0.0 IFIX002). The issue is a Remote C...
CVE-2015-7452
IBM Maximo Asset Management (versions 7.6 and 7.5, including related Maximo variants and SmartCloud Control Desk) has a vulnerability that could allow remote authenticated users to obtain sensitive information via the REST API. The issue is documented with CVSS v3 base score 4.3 (LOW). Affected p...
CVE-2019-4749
CVE-2019-4749 denotes a cross-site scripting vulnerability in IBM Maximo Asset Management 7.6, allowing arbitrary JavaScript in the Web UI and potentially exposing credentials in a trusted session. IBM’s bulletin identifies affected core versions, notably 7.6.1.1, and directs remediation via inte...
CVE-2014-0914
CVE-2014-0914 is an IBM Maximo XSS vulnerability affecting multiple Maximo products and versions (e.g., Maximo Asset Management 7.5 and 6.2; Essentials, Government, Nuclear Power, Transportation, Life Sciences, Oil and Gas, Utilities; Tivoli Asset Management for IT; SmartCloud Control Desk; Maxim...
CVE-2015-5051
CVE-2015-5051 affects IBM Maximo Asset Management and SmartCloud Control Desk, where an authenticated remote user can bypass access controls to view query results, as described by IBM/NVD entries. Affected: Maximo Asset Management 7.6 and 7.5 (with specific IFs: 7.6.0.2 IF1; 7.5.0.8 IF6; also 7.5...
CVE-2015-4966
CVE-2015-4966 affects IBM Maximo Asset Management core products (versions 7.1, 7.5, 7.6 and associated SmartCloud Control Desk/Tivoli IT Asset Management for IT, etc.). The flaw is a default administrator account that could allow remote authenticated users to gain administrative access via unspec...
CVE-2015-7448
CVE-2015-7448 is a SQL injection vulnerability affecting IBM Maximo Asset Management (and related Tivoli/SmartCloud Control Desk components) where remote authenticated users can cause arbitrary SQL execution via unspecified vectors. Affected products/versions include Maximo Asset Management 7.1–7...
CVE-2015-7487
CVE-2015-7487 affects IBM Maximo Asset Management and related Tivoli products. The vulnerability allows a local attacker with administrative privileges to read log files and obtain sensitive information, due to improper handling of logs in several Maximo/Tivoli components (Maximo Asset Management...
CVE-2015-4944
CVE-2015-4944 is an XSS vulnerability in IBM Maximo Asset Management and related IBM products (including SmartCloud Control Desk, Tivoli IT Asset Management for IT, and others built on affected core versions). The root cause is improper validation of user input, allowing remote authenticated atta...
CVE-2015-4967
IBM Maximo Asset Management is affected by CVE-2015-4967, a SQL injection vulnerability. A remote attacker could send specially-crafted SQL statements to view, add, modify, or delete data in the back-end database. Affected products and versions include Maximo Asset Management (7.6, 7.5, 7.1), Max...
CVE-2014-6194
CVE-2014-6194 describes a directory traversal vulnerability in IBM Maximo Asset Management and related products that allows remote authenticated users to read arbitrary files via a ".." in a pathname. Affected are IBM Maximo Asset Management 7.1–7.1.1.13; 7.5.0 before 7.5.0.6 IFIX007; Maximo Asse...
CVE-2015-1934
CVE-2015-1934 affects IBM Maximo Asset Management and related products. The root issue is weak encryption of passwords, allowing context-dependent attackers with access to a password file to obtain cleartext passwords. Affected versions include Maximo Asset Management 7.1–7.1.1.13, 7.5.x before 7...
CVE-2019-4745
CVE-2019-4745 affects IBM Maximo Asset Management core 7.6.1.0. Root cause: path information disclosure in the URL leading to potential sensitive data exposure to an authenticated user. CVSS base score 4.3 (MEDIUM). Remediation: apply fixes for 7.6.1.0 (e.g., 7.6.1.0 iFix015 or latest Interim Fix...
CVE-2020-4409
The CVE-2020-4409 issue affects IBM Maximo Asset Management core product versions 7.6.0 and 7.6.1, where a remote attacker could conduct phishing via a tabnabbing attack by steering a user to a crafted site and then redirecting to a trusted-appearing malicious page. Root cause is a reverse tabnab...
CVE-2014-0915
CVE-2014-0915 affects IBM Maximo and related products (Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government/Nuclear Power/Transportation/Life Sciences/Oil & Gas/Utilities, Tivoli IT, Tivoli Service Request Manager, Maximo Service Desk, CMDB, SmartCloud Control Desk) ...
CVE-2015-7396
CVE-2015-7396 affects IBM Maximo Asset Management (and related solutions) including Maximo Asset Management 7.6 and 7.5, Maximo Asset Management Essentials, several Industry Solutions, and SmartCloud Control Desk. The issue lies in the Scheduler functionality, which could allow an authenticated r...
CVE-2019-4512
CVE-2019-4512 affects IBM Maximo Asset Management 7.6.1.1. The vulnerability arises from an error message that leaks sensitive information, enabling information disclosure. The IBM Security Bulletin lists affected products (core Maximo Asset Management 7.6.1.1 and related Industry Solutions/Contr...
CVE-2015-0109
CVE-2015-0109 is a Cross-site Scripting (XSS) vulnerability affecting IBM Tivoli/TAM products (Maximo Asset Management, Tivoli IT Asset Management for IT, Tivoli Service Request Manager, etc.) across multiple versions (7.1–7.6, including various 7.1.1.x and 7.2 lines). The flaw allows remote auth...
CVE-2015-5017
The CVE-2015-5017 issue affects IBM Maximo Asset Management family (including Maximo Asset Management 7.6, 7.5, 7.1; Essentials; and related products like SmartCloud Control Desk and Tivoli IT Asset Management for IT). It allows remote authenticated users to bypass access controls by signing in w...
CVE-2016-0222
IBM Maximo Asset Management 7.6 is affected by CVE-2016-0222; versions prior to 7.6.0.3 IFIX001 allow an authenticated remote user to bypass access controls and read arbitrary purchase-order work logs via unspecified vectors. The IBM advisory recommends applying the corresponding Fix Central inte...
CVE-2019-4644
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting in the Web UI, allowing injection of arbitrary JavaScript and potentially credential disclosure within a trusted session. Affected core versions include 7.6.0.10, 7.6.1.0, and 7.6.1.1 (with related industry solutions). IBM’s ad...
CVE-2015-4965
Summary: CVE-2015-4965 is a misconfiguration in IBM Maximo Asset Management and related products that could allow an authenticated user to view backup and debug application files, potentially exposing sensitive information. Affected products (per bulletins): Maximo Asset Management 7.6, 7.5, 7.1;...
CVE-2014-4765
CVE-2014-4765 affects IBM Maximo Asset Management and related IBM products (e.g., SmartCloud Control Desk, Tivoli IT Asset Management for IT, and related Maximo variants) with an information-disclosure flaw that lets remote attackers read an error message to obtain sensitive directory information...
CVE-2015-1933
CVE-2015-1933 affects IBM Maximo Asset Management and related products; the root cause is that the password input field autocomplete attribute is not set to false, enabling local attackers to obtain account information via an unattended workstation. Affected versions include Maximo Asset Manageme...
CVE-2015-5016
CVE-2015-5016 affects IBM Maximo Asset Management family (7.6/7.5/7.1), Maximo Asset Management Essentials (7.5/7.1), plus related IBM products (Control Desk 7.5/7.6; Tivoli Asset Management for IT 7.1/7.2; others). The issue allows a remote authenticated user to bypass access restrictions and re...
CVE-2016-6072
CVE-2016-6072 affects IBM Maximo Asset Management core product (version 7.6) and related IBM Maximo Industry Solutions/Control Desk products when installed on affected cores. The vulnerability is a cross-site scripting flaw in the Web UI that lets an attacker embed arbitrary JavaScript, potential...
CVE-2018-1524
CVE-2018-1524 affects IBM Maximo Asset Management 7.6 through 7.6.3, where installation includes a default administrator account that could be exploited by a remote attacker to gain administrator access. This issue stems from an incomplete fix for CVE-2015-4966. IBM's related advisories indicate ...
CVE-2019-4429
CVE-2019-4429 affects IBM Maximo Asset Management core product versions 7.6.0 and 7.6.1. The issue is a cross-site scripting vulnerability in the Web UI, allowing an attacker to embed arbitrary JavaScript code that could alter functionality and potentially disclose credentials within a trusted se...
CVE-2015-0108
CVE-2015-0108 is a cross-site scripting (XSS) vulnerability affecting IBM Tivoli IT Asset Management for IT and related IBM Maximo assets (7.1–7.1.1.8, 7.2). The issue allows remote authenticated users to inject arbitrary web script/HTML via unspecified vectors due to insecure handling in the aff...
CVE-2015-7395
CVE-2015-7395 affects IBM Maximo Asset Management and related IBM products (SmartCloud Control Desk, Tivoli IT Asset Management for IT, Service Request Manager, CRM/DB components). The issue allows a remote authenticated user to bypass work-order change restrictions due to improper access control...
CVE-2013-5402
CVE-2013-5402 is a Cross-Site Scripting (XSS) vulnerability affecting IBM Maximo Asset Management and related IBM products (Asset Management Essentials, Government, Nuclear Power, Transportation, Life Sciences, Oil and Gas, Utilities; SmartCloud Control Desk; Tivoli Asset Management for IT; Tivol...
CVE-2014-3025
CVE-2014-3025 is a cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and related IBM/Tivoli products. It affects multiple versions (Maximo AM 6.2–6.2.8, 7.1–7.1.1.2, 7.5–7.5.0.6; and SmartCloud Control Desk; Tivoli Asset Management for IT, Tivoli Service Request Manager, Max...
CVE-2015-7451
CVE-2015-7451 is an XSS vulnerability in IBM Maximo Asset Management (and related SmartCloud Control Desk) caused by improper validation of user-supplied input. The issue affects multiple Maximo versions (7.5/7.6 and various fixes) and can be triggered by a crafted URL to execute script in a vict...
CVE-2018-1528
IBM Maximo Asset Management 7.6 (core) is affected by CVE-2018-1528, allowing an authenticated user to obtain sensitive information via the WhoAmI API, with CVSSv3 base score 4.3 (LOW to MEDIUM range depending on vector). The IBM Security Bulletin lists affected versions (7.6 and all dependent IB...
CVE-2019-4446
IBM Maximo Asset Management 7.6.x is affected by CVE-2019-4446 through insecure permissions that allow an authenticated user to perform actions by modifying request parameters. Affected core Product versions: 7.6.0, 7.6.1, and 7.6.1.1 (including related Industry Solutions and IBM Control Desk com...
CVE-2016-5902
CVE-2016-5902 affects IBM Maximo Asset Management. The IBM bulletin documents a cross-site scripting flaw in the Web UI that can lead to credential disclosure within a trusted session. Affected core versions: 7.6, 7.5, 7.1 (with various Industry Solutions/SmartCloud components on these cores). Ro...