Lucene search
K
IbmMaximo Service Desk

28 matches found

CVE
CVE
added 2020/02/18 4:3 p.m.64 views

CVE-2013-3323

Summary: CVE-2013-3323 describes a privilege escalation in IBM Maximo Asset Management (versions 7.5, 7.1, and 6.2) when WebSeal with Basic Authentication is used. The root cause is a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. Th...

9.8CVSS9.2AI score0.02868EPSS
CVE
CVE
added 2014/05/26 4:0 p.m.64 views

CVE-2013-5465

CVE-2013-5465 concerns IBM Maximo and related Tivoli/SmartCloud products where uploads permit invalid file types due to inadequate input validation. The issue affects multiple versions across Maximo Asset Management (7.5, 7.1, 6.2), Maximo Asset Management Essentials, Maximo variants for Governme...

6.5CVSS6.5AI score0.01231EPSS
CVE
CVE
added 2013/02/20 11:0 a.m.63 views

CVE-2012-3322

CVE-2012-3322 is an XSS vulnerability described across multiple IBM Maximo-related products (Maximo Asset Management 6.2–7.5, Essentials 6.2–7.5, TAM for IT 6.2–7.2, Service Request Manager 7.1–7.2, Service Desk 6.2, CCMDB 7.1–7.2, SmartCloud Control Desk 7.5). It allows remote authenticated user...

3.5CVSS5.3AI score0.00936EPSS
CVE
CVE
added 2012/09/10 5:0 p.m.60 views

CVE-2012-0714

IBM Maximo-related CVE-2012-0714 is a Cross-Site Request Forgery affecting Maximo Asset Management 6.2–7.5 (and related IBM products such as SmartCloud Control Desk, Tivoli AIT, Tivoli Service Request Manager, Maximo Service Desk, and CCMDB). The IBM bulletin confirms the root cause as CSRF that ...

6.8CVSS7.2AI score0.01047EPSS
CVE
CVE
added 2013/02/20 11:0 a.m.60 views

CVE-2012-3316

Technical details about CVE-2012-3316 are not publicly available in the provided documents. Monitor for updates from official sources for affected products, versions, and fixes.

3.5CVSS5.4AI score0.00936EPSS
CVE
CVE
added 2014/05/26 4:0 p.m.60 views

CVE-2014-0824

CVE-2014-0824 is an XSS vulnerability in IBM Maximo Asset Management 7.x (and related Tivoli/CMDB components) where remote authenticated users can inject arbitrary web script or HTML via an attachment URL. Connected IBM advisories map affected releases to specific APARs (IV52829, IV41871, IV46511...

3.5CVSS5.4AI score0.00936EPSS
CVE
CVE
added 2012/03/13 1:0 a.m.59 views

CVE-2011-1397

CVE-2011-1397 is a CSRF vulnerability in IBM Maximo and related products (Asset Management, Essentials, Tivoli AM for IT, Service Request Manager, Maximo Service Desk, CCMDB) affecting 6.2, 7.1, 7.2 and 7.5. Attack could hijack user authentication via the Labor Reporting page. IBM remediation via...

6.8CVSS7.3AI score0.01047EPSS
CVE
CVE
added 2014/07/30 10:0 a.m.59 views

CVE-2014-0914

CVE-2014-0914 is an IBM Maximo XSS vulnerability affecting multiple Maximo products and versions (e.g., Maximo Asset Management 7.5 and 6.2; Essentials, Government, Nuclear Power, Transportation, Life Sciences, Oil and Gas, Utilities; Tivoli Asset Management for IT; SmartCloud Control Desk; Maxim...

3.5CVSS5.4AI score0.0107EPSS
CVE
CVE
added 2012/03/13 1:0 a.m.58 views

CVE-2012-0195

CVE-2012-0195 is a documented XSS vulnerability in the Start Center Layout and Configuration component across IBM Maximo Asset Management and Asset Management Essentials (6.2, 7.1, 7.5), IBM Tivoli Asset Management for IT (6.2, 7.1, 7.2), IBM Tivoli Service Request Manager (7.1, 7.2), IBM Maximo ...

4.3CVSS5.8AI score0.01951EPSS
CVE
CVE
added 2014/05/26 4:0 p.m.58 views

CVE-2013-4016

CVE-2013-4016 describes an SQL injection vulnerability in IBM Maximo family (Asset Management, SmartCloud Control Desk, Tivoli components) where a Birt report with a plain-text WHERE clause enables remote authenticated users to run arbitrary SQL. IBM’s bulletin lists multiple fixes per product/ve...

6.5CVSS8AI score0.01029EPSS
CVE
CVE
added 2012/03/13 1:0 a.m.57 views

CVE-2011-1394

CVE-2011-1394 affects IBM Maximo/Asset Management family (6.2–7.5) and related Tivoli products (Asset Management for IT, Service Request Manager, Maximo Service Desk, CCMDB). The issue is a Denial of Service caused by memory exhaustion from establishing many UI sessions within a single HTTP sessi...

5CVSS6.8AI score0.02584EPSS
CVE
CVE
added 2012/09/10 5:0 p.m.56 views

CVE-2012-0747

CVE-2012-0747 is an SQL injection vulnerability affecting IBM Maximo Asset Management across versions 6.2 through 7.5 (and enabled in related products such as SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and CCMDB). The issue allows...

6.5CVSS8AI score0.0104EPSS
CVE
CVE
added 2012/09/10 5:0 p.m.56 views

CVE-2012-2184

CVE-2012-2184 is a session‑fixation vulnerability in IBM Maximo Asset Management 7.1–7.5 (used in SmartCloud Control Desk, Tivoli AM for IT, SRM, Maximo Service Desk, CCMDB). The issue allows remote attackers to hijack web sessions via unspecified vectors. IBM’s bulletin lists affected releases a...

6.8CVSS6.7AI score0.01309EPSS
CVE
CVE
added 2013/02/20 11:0 a.m.55 views

CVE-2012-3327

CVE-2012-3327 describes a cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management (versions 6.2–7.5), Maximo Asset Management Essentials (6.2–7.5), Tivoli Asset Management for IT (6.2–7.2), Tivoli Service Request Manager (7.1–7.2), Maximo Service Desk (6.2), CCMDB (7.1–7.2), and S...

4.3CVSS5.8AI score0.01148EPSS
CVE
CVE
added 2012/03/13 1:0 a.m.54 views

CVE-2011-4816

CVE-2011-4816 is a SQL injection vulnerability in the KPI component affecting IBM Maximo Asset Management and Asset Management Essentials (versions 6.2, 7.1, 7.5), IBM Tivoli Asset Management for IT (6.2, 7.1, 7.2), IBM Tivoli Service Request Manager (7.1, 7.2), IBM Maximo Service Desk (6.2), and...

6.5CVSS8AI score0.01696EPSS
CVE
CVE
added 2012/03/13 1:0 a.m.54 views

CVE-2011-4817

CVE-2011-4817 affects IBM Maximo Asset Management and related IBM assets (Asset Management Essentials, Tivoli AM for IT, Service Request Manager, Maximo Service Desk, CCMDB) on multiple versions (6.2, 7.1, 7.2/7.5). The issue is an information disclosure where the About menu in Help shows the use...

4CVSS6.3AI score0.01209EPSS
CVE
CVE
added 2012/09/10 5:0 p.m.54 views

CVE-2012-2185

CVE-2012-2185 affects IBM Maximo Asset Management and related products (Maximo Asset Management 6.2–7.5 and associated suites) used with SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and CCMDB. The IBM bulletin documents information ...

4CVSS5.8AI score0.01094EPSS
CVE
CVE
added 2014/05/26 4:0 p.m.54 views

CVE-2013-6741

The CVE-2013-6741 issue affects IBM Maximo Asset Management and related IBM Tivoli products, allowing remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error. Affected products include Maximo Asset Management 7.x (before 7.1.1.7 LAFIX.20140319...

3.5CVSS5.9AI score0.00951EPSS
CVE
CVE
added 2014/07/30 10:0 a.m.54 views

CVE-2014-0915

CVE-2014-0915 affects IBM Maximo and related products (Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government/Nuclear Power/Transportation/Life Sciences/Oil & Gas/Utilities, Tivoli IT, Tivoli Service Request Manager, Maximo Service Desk, CMDB, SmartCloud Control Desk) ...

3.5CVSS5.4AI score0.01046EPSS
CVE
CVE
added 2014/05/26 4:0 p.m.53 views

CVE-2014-0825

The CVE-2014-0825 entry describes an XSS vulnerability in openreport.jsp affecting IBM Maximo Asset Management 7.x (including 7.1, 7.5 ranges) and related Tivoli/SmartCloud components, where remote authenticated users can inject arbitrary web script or HTML via a crafted report parameter. The IBM...

3.5CVSS5.3AI score0.00936EPSS
CVE
CVE
added 2012/09/10 5:0 p.m.52 views

CVE-2012-0728

CVE-2012-0728 is an SQL injection in IBM Maximo Asset Management 7.1–7.5 (as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and CCMDB). The vulnerability allows remote authenticated users to execute arbitrary SQL commands via ...

6.5CVSS8AI score0.0104EPSS
CVE
CVE
added 2012/09/10 5:0 p.m.52 views

CVE-2012-2183

IBM’s advisory confirms CVE-2012-2183 is a session-fixation vulnerability affecting IBM Maximo Asset Management products (7.5, 7.1, 6.2) and related offerings (SmartCloud Control Desk, Tivoli IT/Service Request Manager, Maximo Service Desk, CCMDB). The issue originates from how web sessions are e...

6.8CVSS6.7AI score0.02021EPSS
CVE
CVE
added 2013/02/20 11:0 a.m.51 views

CVE-2012-6355

CVE-2012-6355 affects IBM Maximo Asset Management (versions 6.2–7.5), Maximo Asset Management Essentials (6.2–7.5), Tivoli Asset Management for IT (6.2–7.2), Tivoli Service Request Manager (7.1–7.2), Maximo Service Desk (6.2), CCMDB (7.1–7.2), and SmartCloud Control Desk (7.5). The vulnerability ...

6.5CVSS6.6AI score0.01231EPSS
CVE
CVE
added 2012/09/10 5:0 p.m.50 views

CVE-2012-0727

CVE-2012-0727 is an SQL injection vulnerability affecting IBM Maximo Asset Management family (7.5, 7.1, 6.2) and related products (SmartCloud Control Desk, Tivoli AIM, Tivoli Service Request Manager, Maximo Service Desk, CCMDB). The root cause is SQL injection in certain components, allowing remo...

6.5CVSS8AI score0.0104EPSS
CVE
CVE
added 2012/09/10 5:0 p.m.49 views

CVE-2012-3313

CVE-2012-3313 is an XSS vulnerability in IBM Maximo Asset Management 6.2–7.5 (and related products such as SmartCloud Control Desk, Tivoli AM for IT, TS RM, Maximo Service Desk, and CCMDB). The issue allows an attacker to inject arbitrary web script/HTML via unspecified vectors in affected deploy...

4.3CVSS5.8AI score0.01161EPSS
CVE
CVE
added 2012/09/10 5:0 p.m.49 views

CVE-2012-3326

Summary: CVE-2012-3326 is a Cross-Site Scripting (XSS) vulnerability affecting IBM Maximo Asset Management 7.5 and related products (SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, CCMDB). The issue arises in the web interface allowing...

4.3CVSS5.8AI score0.01161EPSS
CVE
CVE
added 2014/07/30 10:0 a.m.47 views

CVE-2014-3025

CVE-2014-3025 is a cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and related IBM/Tivoli products. It affects multiple versions (Maximo AM 6.2–6.2.8, 7.1–7.1.1.2, 7.5–7.5.0.6; and SmartCloud Control Desk; Tivoli Asset Management for IT, Tivoli Service Request Manager, Max...

3.5CVSS5.5AI score0.00946EPSS
CVE
CVE
added 2012/09/10 5:0 p.m.45 views

CVE-2012-0746

CVE-2012-0746 is an in-product Cross-Site Scripting (XSS) vulnerability affecting IBM Maximo Asset Management 7.5 and related IBM products such as SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and CCMDB. The issue is described as all...

3.5CVSS5.3AI score0.00946EPSS