5 matches found
CVE-2019-4749
CVE-2019-4749 denotes a cross-site scripting vulnerability in IBM Maximo Asset Management 7.6, allowing arbitrary JavaScript in the Web UI and potentially exposing credentials in a trusted session. IBM’s bulletin identifies affected core versions, notably 7.6.1.1, and directs remediation via inte...
CVE-2020-4409
The CVE-2020-4409 issue affects IBM Maximo Asset Management core product versions 7.6.0 and 7.6.1, where a remote attacker could conduct phishing via a tabnabbing attack by steering a user to a crafted site and then redirecting to a trusted-appearing malicious page. Root cause is a reverse tabnab...
CVE-2019-4644
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting in the Web UI, allowing injection of arbitrary JavaScript and potentially credential disclosure within a trusted session. Affected core versions include 7.6.0.10, 7.6.1.0, and 7.6.1.1 (with related industry solutions). IBM’s ad...
CVE-2020-4650
Summary: CVE-2020-4650 affects IBM Maximo Spatial Asset Management 7.6.0.3/0.4/0.5/1.0 where web pages can be stored locally and read by another user on the same system. The core issue is a local storage exposure in the web component, enabling access to locally stored pages. The NVD entry notes a...
CVE-2020-4651
CVE-2020-4651 affects IBM Maximo Spatial Asset Management, specifically versions 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0. The issue is a cross-site request forgery (CSRF) vulnerability that could allow an attacker to perform malicious, unauthorized actions on behalf of a trusted user. The root cau...