Total
167 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35645 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2023-03-10 | N/A | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230958. | |||||
| CVE-2018-2028 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2023-03-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554. | |||||
| CVE-2022-41734 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2023-03-01 | N/A | 7.5 HIGH |
| IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 237587. | |||||
| CVE-2019-4303 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2023-02-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949. | |||||
| CVE-2019-4364 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2023-01-30 | 8.5 HIGH | 8.0 HIGH |
| IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680. | |||||
| CVE-2022-35281 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2023-01-12 | N/A | 8.8 HIGH |
| IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335. | |||||
| CVE-2019-4056 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2022-12-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565. | |||||
| CVE-2019-4048 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2022-12-09 | 2.1 LOW | 2.1 LOW |
| IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311. | |||||
| CVE-2019-4430 | 1 Ibm | 1 Maximo Asset Management | 2022-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162887. | |||||
| CVE-2022-40616 | 1 Ibm | 1 Maximo Asset Management | 2022-09-22 | N/A | 8.1 HIGH |
| IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force ID: 236311. | |||||
| CVE-2021-38924 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2022-09-16 | N/A | 7.5 HIGH |
| IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 210163. | |||||
| CVE-2022-35714 | 1 Ibm | 1 Maximo Asset Management | 2022-08-31 | N/A | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231116. | |||||
| CVE-2021-29854 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2022-05-11 | 4.3 MEDIUM | 7.2 HIGH |
| IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 205680. | |||||
| CVE-2022-22435 | 1 Ibm | 1 Maximo Asset Management | 2022-04-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2022-22436 | 1 Ibm | 1 Maximo Asset Management | 2022-04-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224164. | |||||
| CVE-2021-38935 | 1 Ibm | 1 Maximo Asset Management | 2022-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 210892. | |||||
| CVE-2021-29743 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2021-09-02 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201693. | |||||
| CVE-2021-29744 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2021-09-01 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201694. | |||||
| CVE-2021-20509 | 1 Ibm | 1 Maximo Asset Management | 2021-08-20 | 10.0 HIGH | 9.8 CRITICAL |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243. | |||||
| CVE-2019-4478 | 1 Ibm | 1 Maximo Asset Management | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998. | |||||