65 matches found
CVE-2019-4048
CVE-2019-4048 affects IBM Maximo Asset Management 7.6. The vulnerability allows a physical user to obtain sensitive information from a previous user on the same machine (a back-and-refresh-type information disclosure). Affected core product: Maximo Asset Management 7.6 (and related Industry Solut...
CVE-2019-4056
IBM Maximo Asset Management 7.6 Work Centers' application lacks file type validation during upload, enabling upload of malicious files. Affected product: IBM Maximo Asset Management (core 7.6, with Industry Solutions and IBM Control Desk on top). Root cause: the upload workflow does not validate ...
CVE-2019-4364
CVE-2019-4364 affects IBM Maximo Asset Management core product 7.6. The vulnerability is CSV injection that could allow a remote authenticated attacker to execute arbitrary commands on the system. Remediation is provided by IBM Fix Central; affected 7.6 versions include 7.6.1.1 FP, 7.6.0.10 iFix,...
CVE-2019-4303
IBM Maximo Asset Management 7.6 is affected by a cross-site scripting vulnerability (CVE-2019-4303) that allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Affected products/versions include Maximo Asset Management core 7.6...
CVE-2018-2028
CVE-2018-2028 affects IBM Maximo Asset Management 7.6. An authenticated user could replace a target page with a phishing site, potentially exposing highly sensitive information (confidentiality impact). The IBM bulletin lists affected core: Maximo Asset Management 7.6 (and related Industry Soluti...
CVE-2019-4486
CVE-2019-4486 affects IBM Maximo Asset Management 7.6. The vulnerability is a cross-site scripting flaw that allows embedding arbitrary JavaScript in the Web UI, potentially leading to credential disclosure within a trusted session. Affected core version: Maximo Asset Management 7.6, with likely ...
CVE-2013-3323
Summary: CVE-2013-3323 describes a privilege escalation in IBM Maximo Asset Management (versions 7.5, 7.1, and 6.2) when WebSeal with Basic Authentication is used. The root cause is a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. Th...
CVE-2013-5465
CVE-2013-5465 concerns IBM Maximo and related Tivoli/SmartCloud products where uploads permit invalid file types due to inadequate input validation. The issue affects multiple versions across Maximo Asset Management (7.5, 7.1, 6.2), Maximo Asset Management Essentials, Maximo variants for Governme...
CVE-2012-3322
CVE-2012-3322 is an XSS vulnerability described across multiple IBM Maximo-related products (Maximo Asset Management 6.2–7.5, Essentials 6.2–7.5, TAM for IT 6.2–7.2, Service Request Manager 7.1–7.2, Service Desk 6.2, CCMDB 7.1–7.2, SmartCloud Control Desk 7.5). It allows remote authenticated user...
CVE-2014-6102
CVE-2014-6102 affects IBM Maximo Asset Management and related products, where improper logout handling allows a local user to bypass Cognos BI Direct Integration access controls via an unattended workstation. Affected versions include Maximo Asset Management 7.1–7.1.1.13 and 7.5.0 up to 7.5.0.6 (...
CVE-2014-3024
CVE-2014-3024 is a CSRF vulnerability in IBM Maximo Asset Management and related SmartCloud Control Desk components. Affected products/versions include Maximo Asset Management 7.1, 7.1.1.12; 7.5, 7.5.0.x (including 7.5.0.3 through 7.5.0.6) and 7.5.1.x (through 7.5.1.2); plus SmartCloud Control De...
CVE-2012-0714
IBM Maximo-related CVE-2012-0714 is a Cross-Site Request Forgery affecting Maximo Asset Management 6.2–7.5 (and related IBM products such as SmartCloud Control Desk, Tivoli AIT, Tivoli Service Request Manager, Maximo Service Desk, and CCMDB). The IBM bulletin confirms the root cause as CSRF that ...
CVE-2012-3316
Technical details about CVE-2012-3316 are not publicly available in the provided documents. Monitor for updates from official sources for affected products, versions, and fixes.
CVE-2014-0914
CVE-2014-0914 is an IBM Maximo XSS vulnerability affecting multiple Maximo products and versions (e.g., Maximo Asset Management 7.5 and 6.2; Essentials, Government, Nuclear Power, Transportation, Life Sciences, Oil and Gas, Utilities; Tivoli Asset Management for IT; SmartCloud Control Desk; Maxim...
CVE-2015-4966
CVE-2015-4966 affects IBM Maximo Asset Management core products (versions 7.1, 7.5, 7.6 and associated SmartCloud Control Desk/Tivoli IT Asset Management for IT, etc.). The flaw is a default administrator account that could allow remote authenticated users to gain administrative access via unspec...
CVE-2015-7448
CVE-2015-7448 is a SQL injection vulnerability affecting IBM Maximo Asset Management (and related Tivoli/SmartCloud Control Desk components) where remote authenticated users can cause arbitrary SQL execution via unspecified vectors. Affected products/versions include Maximo Asset Management 7.1–7...
CVE-2015-7452
IBM Maximo Asset Management (versions 7.6 and 7.5, including related Maximo variants and SmartCloud Control Desk) has a vulnerability that could allow remote authenticated users to obtain sensitive information via the REST API. The issue is documented with CVSS v3 base score 4.3 (LOW). Affected p...
CVE-2015-5051
CVE-2015-5051 affects IBM Maximo Asset Management and SmartCloud Control Desk, where an authenticated remote user can bypass access controls to view query results, as described by IBM/NVD entries. Affected: Maximo Asset Management 7.6 and 7.5 (with specific IFs: 7.6.0.2 IF1; 7.5.0.8 IF6; also 7.5...
CVE-2015-7487
CVE-2015-7487 affects IBM Maximo Asset Management and related Tivoli products. The vulnerability allows a local attacker with administrative privileges to read log files and obtain sensitive information, due to improper handling of logs in several Maximo/Tivoli components (Maximo Asset Management...
CVE-2012-6356
CVE-2012-6356 affects IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5. The vulnerability allows remote authenticated users to escalate privileges via vectors related to an import operation. The available sources (NVD entry and related recor...
CVE-2015-4944
CVE-2015-4944 is an XSS vulnerability in IBM Maximo Asset Management and related IBM products (including SmartCloud Control Desk, Tivoli IT Asset Management for IT, and others built on affected core versions). The root cause is improper validation of user input, allowing remote authenticated atta...
CVE-2015-4967
IBM Maximo Asset Management is affected by CVE-2015-4967, a SQL injection vulnerability. A remote attacker could send specially-crafted SQL statements to view, add, modify, or delete data in the back-end database. Affected products and versions include Maximo Asset Management (7.6, 7.5, 7.1), Max...
CVE-2012-0747
CVE-2012-0747 is an SQL injection vulnerability affecting IBM Maximo Asset Management across versions 6.2 through 7.5 (and enabled in related products such as SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and CCMDB). The issue allows...
CVE-2012-3327
CVE-2012-3327 describes a cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management (versions 6.2–7.5), Maximo Asset Management Essentials (6.2–7.5), Tivoli Asset Management for IT (6.2–7.2), Tivoli Service Request Manager (7.1–7.2), Maximo Service Desk (6.2), CCMDB (7.1–7.2), and S...
CVE-2013-4016
CVE-2013-4016 describes an SQL injection vulnerability in IBM Maximo family (Asset Management, SmartCloud Control Desk, Tivoli components) where a Birt report with a plain-text WHERE clause enables remote authenticated users to run arbitrary SQL. IBM’s bulletin lists multiple fixes per product/ve...
CVE-2012-2184
CVE-2012-2184 is a session‑fixation vulnerability in IBM Maximo Asset Management 7.1–7.5 (used in SmartCloud Control Desk, Tivoli AM for IT, SRM, Maximo Service Desk, CCMDB). The issue allows remote attackers to hijack web sessions via unspecified vectors. IBM’s bulletin lists affected releases a...
CVE-2012-2185
CVE-2012-2185 affects IBM Maximo Asset Management and related products (Maximo Asset Management 6.2–7.5 and associated suites) used with SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and CCMDB. The IBM bulletin documents information ...
CVE-2013-2998
CVE-2013-2998 affects IBM Maximo Asset Management and SmartCloud Control Desk. Vulnerability: information disclosure via frontcontroller.jsp when processing an invalid action_code, allowing remote authenticated users to obtain sensitive information. Affected products/versions include Maximo Asset...
CVE-2013-6741
The CVE-2013-6741 issue affects IBM Maximo Asset Management and related IBM Tivoli products, allowing remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error. Affected products include Maximo Asset Management 7.x (before 7.1.1.7 LAFIX.20140319...
CVE-2014-0915
CVE-2014-0915 affects IBM Maximo and related products (Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government/Nuclear Power/Transportation/Life Sciences/Oil & Gas/Utilities, Tivoli IT, Tivoli Service Request Manager, Maximo Service Desk, CMDB, SmartCloud Control Desk) ...
CVE-2014-6194
CVE-2014-6194 describes a directory traversal vulnerability in IBM Maximo Asset Management and related products that allows remote authenticated users to read arbitrary files via a ".." in a pathname. Affected are IBM Maximo Asset Management 7.1–7.1.1.13; 7.5.0 before 7.5.0.6 IFIX007; Maximo Asse...
CVE-2019-4512
CVE-2019-4512 affects IBM Maximo Asset Management 7.6.1.1. The vulnerability arises from an error message that leaks sensitive information, enabling information disclosure. The IBM Security Bulletin lists affected products (core Maximo Asset Management 7.6.1.1 and related Industry Solutions/Contr...
CVE-2014-0825
The CVE-2014-0825 entry describes an XSS vulnerability in openreport.jsp affecting IBM Maximo Asset Management 7.x (including 7.1, 7.5 ranges) and related Tivoli/SmartCloud components, where remote authenticated users can inject arbitrary web script or HTML via a crafted report parameter. The IBM...
CVE-2015-1934
CVE-2015-1934 affects IBM Maximo Asset Management and related products. The root issue is weak encryption of passwords, allowing context-dependent attackers with access to a password file to obtain cleartext passwords. Affected versions include Maximo Asset Management 7.1–7.1.1.13, 7.5.x before 7...
CVE-2015-7396
CVE-2015-7396 affects IBM Maximo Asset Management (and related solutions) including Maximo Asset Management 7.6 and 7.5, Maximo Asset Management Essentials, several Industry Solutions, and SmartCloud Control Desk. The issue lies in the Scheduler functionality, which could allow an authenticated r...
CVE-2016-0222
IBM Maximo Asset Management 7.6 is affected by CVE-2016-0222; versions prior to 7.6.0.3 IFIX001 allow an authenticated remote user to bypass access controls and read arbitrary purchase-order work logs via unspecified vectors. The IBM advisory recommends applying the corresponding Fix Central inte...
CVE-2012-0728
CVE-2012-0728 is an SQL injection in IBM Maximo Asset Management 7.1–7.5 (as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and CCMDB). The vulnerability allows remote authenticated users to execute arbitrary SQL commands via ...
CVE-2012-2183
IBM’s advisory confirms CVE-2012-2183 is a session-fixation vulnerability affecting IBM Maximo Asset Management products (7.5, 7.1, 6.2) and related offerings (SmartCloud Control Desk, Tivoli IT/Service Request Manager, Maximo Service Desk, CCMDB). The issue originates from how web sessions are e...
CVE-2012-6355
CVE-2012-6355 affects IBM Maximo Asset Management (versions 6.2–7.5), Maximo Asset Management Essentials (6.2–7.5), Tivoli Asset Management for IT (6.2–7.2), Tivoli Service Request Manager (7.1–7.2), Maximo Service Desk (6.2), CCMDB (7.1–7.2), and SmartCloud Control Desk (7.5). The vulnerability ...
CVE-2014-4765
CVE-2014-4765 affects IBM Maximo Asset Management and related IBM products (e.g., SmartCloud Control Desk, Tivoli IT Asset Management for IT, and related Maximo variants) with an information-disclosure flaw that lets remote attackers read an error message to obtain sensitive directory information...
CVE-2015-4965
Summary: CVE-2015-4965 is a misconfiguration in IBM Maximo Asset Management and related products that could allow an authenticated user to view backup and debug application files, potentially exposing sensitive information. Affected products (per bulletins): Maximo Asset Management 7.6, 7.5, 7.1;...
CVE-2015-5017
The CVE-2015-5017 issue affects IBM Maximo Asset Management family (including Maximo Asset Management 7.6, 7.5, 7.1; Essentials; and related products like SmartCloud Control Desk and Tivoli IT Asset Management for IT). It allows remote authenticated users to bypass access controls by signing in w...
CVE-2018-1524
CVE-2018-1524 affects IBM Maximo Asset Management 7.6 through 7.6.3, where installation includes a default administrator account that could be exploited by a remote attacker to gain administrator access. This issue stems from an incomplete fix for CVE-2015-4966. IBM's related advisories indicate ...
CVE-2012-0727
CVE-2012-0727 is an SQL injection vulnerability affecting IBM Maximo Asset Management family (7.5, 7.1, 6.2) and related products (SmartCloud Control Desk, Tivoli AIM, Tivoli Service Request Manager, Maximo Service Desk, CCMDB). The root cause is SQL injection in certain components, allowing remo...
CVE-2014-3084
The CVE-2014-3084 issue affects IBM Maximo Asset Management and related products (including Maximo Asset Management Essentials, Maximo Industry Solutions, SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and CMDB products). It allows re...
CVE-2015-1933
CVE-2015-1933 affects IBM Maximo Asset Management and related products; the root cause is that the password input field autocomplete attribute is not set to false, enabling local attackers to obtain account information via an unattended workstation. Affected versions include Maximo Asset Manageme...
CVE-2016-6072
CVE-2016-6072 affects IBM Maximo Asset Management core product (version 7.6) and related IBM Maximo Industry Solutions/Control Desk products when installed on affected cores. The vulnerability is a cross-site scripting flaw in the Web UI that lets an attacker embed arbitrary JavaScript, potential...
CVE-2012-3313
CVE-2012-3313 is an XSS vulnerability in IBM Maximo Asset Management 6.2–7.5 (and related products such as SmartCloud Control Desk, Tivoli AM for IT, TS RM, Maximo Service Desk, and CCMDB). The issue allows an attacker to inject arbitrary web script/HTML via unspecified vectors in affected deploy...
CVE-2019-4429
CVE-2019-4429 affects IBM Maximo Asset Management core product versions 7.6.0 and 7.6.1. The issue is a cross-site scripting vulnerability in the Web UI, allowing an attacker to embed arbitrary JavaScript code that could alter functionality and potentially disclose credentials within a trusted se...
CVE-2012-3326
Summary: CVE-2012-3326 is a Cross-Site Scripting (XSS) vulnerability affecting IBM Maximo Asset Management 7.5 and related products (SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, CCMDB). The issue arises in the web interface allowing...