Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ibm Subscribe
Filtered by product Maximo Asset Management
Total 167 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-1872 1 Ibm 1 Maximo Asset Management 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151330.
CVE-2018-1715 1 Ibm 1 Maximo Asset Management 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147003.
CVE-2018-1697 1 Ibm 1 Maximo Asset Management 2019-10-09 4.0 MEDIUM 4.3 MEDIUM
IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request. IBM X-Force ID: 145966.
CVE-2018-1698 1 Ibm 1 Maximo Asset Management 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages. IBM X-Force ID: 145967.
CVE-2018-1699 1 Ibm 1 Maximo Asset Management 2019-10-09 6.5 MEDIUM 8.8 HIGH
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968.
CVE-2018-1554 1 Ibm 1 Maximo Asset Management 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142891.
CVE-2018-1584 1 Ibm 1 Maximo Asset Management 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143497.
CVE-2018-1524 1 Ibm 8 Maximo Asset Management, Maximo For Aviation, Maximo For Life Sciences and 5 more 2019-10-09 9.0 HIGH 8.8 HIGH
IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116.
CVE-2018-1528 1 Ibm 8 Maximo Asset Management, Maximo For Aviation, Maximo For Life Sciences and 5 more 2019-10-09 4.0 MEDIUM 4.3 MEDIUM
IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290.
CVE-2018-1686 1 Ibm 1 Maximo Asset Management 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145505.
CVE-2019-4512 1 Ibm 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more 2019-10-09 4.0 MEDIUM 4.3 MEDIUM
IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.
CVE-2014-0914 1 Ibm 11 Maximo Asset Management, Maximo Asset Management Essentials, Maximo For Government and 8 more 2018-10-09 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field.
CVE-2014-0915 1 Ibm 11 Maximo Asset Management, Maximo Asset Management Essentials, Maximo For Government and 8 more 2018-10-09 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field.
CVE-2015-5016 1 Ibm 14 Change And Configuration Management Database, Control Desk, Maximo Asset Management and 11 more 2018-04-20 4.0 MEDIUM 4.3 MEDIUM
IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460.
CVE-2018-1415 1 Ibm 1 Maximo Asset Management 2018-03-09 3.5 LOW 5.4 MEDIUM
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138821.
CVE-2018-1414 1 Ibm 2 Maximo Asset Management, Maximo Asset Management Essentials 2018-03-09 6.5 MEDIUM 8.8 HIGH
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820.
CVE-2017-1499 1 Ibm 2 Maximo Asset Management, Maximo Asset Management Essentials 2018-03-09 6.5 MEDIUM 8.8 HIGH
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106.
CVE-2011-4816 1 Ibm 6 Maximo Asset Management, Maximo Asset Management Essentials, Maximo Service Desk and 3 more 2018-01-09 6.5 MEDIUM N/A
SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-1394 1 Ibm 6 Maximo Asset Management, Maximo Asset Management Essentials, Maximo Service Desk and 3 more 2018-01-09 5.0 MEDIUM N/A
IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allow remote attackers to cause a denial of service (memory consumption) by establishing many UI sessions within one HTTP session.
CVE-2011-4819 1 Ibm 2 Maximo Asset Management, Maximo Asset Management Essentials 2018-01-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow remote attackers to inject arbitrary web script or HTML via the uisesionid parameter to (1) maximo.jsp or (2) the default URI under ui/.