Ibm - Maximo Asset Management CVE - CVE Search - CVE Details

Filtered by vendor Ibm Subscribe

Filtered by product Maximo Asset Management

Total 167 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2012-0728	1 Ibm	6 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 3 more	2017-08-28	6.5 MEDIUM	N/A
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-0746	1 Ibm	6 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 3 more	2017-08-28	3.5 LOW	N/A
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-0747	1 Ibm	6 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 3 more	2017-08-28	6.5 MEDIUM	N/A
SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-2183	1 Ibm	6 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 3 more	2017-08-28	6.8 MEDIUM	N/A
Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2012-2184	1 Ibm	6 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 3 more	2017-08-28	6.8 MEDIUM	N/A
Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2012-2185	1 Ibm	6 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 3 more	2017-08-28	4.0 MEDIUM	N/A
IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2012-3313	1 Ibm	6 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 3 more	2017-08-28	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-3316	1 Ibm	7 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 4 more	2017-08-28	3.5 LOW	N/A
Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-1357	1 Ibm	2 Maximo Asset Management, Maximo Asset Management Essentials	2017-08-24	4.0 MEDIUM	4.3 MEDIUM
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684.
CVE-2017-1208	1 Ibm	1 Maximo Asset Management	2017-07-19	3.5 LOW	5.4 MEDIUM
IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123778.
CVE-2017-1175	1 Ibm	1 Maximo Asset Management	2017-07-18	7.5 HIGH	9.8 CRITICAL
IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123297.
CVE-2017-1176	1 Ibm	1 Maximo Asset Management	2017-07-18	2.1 LOW	3.3 LOW
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299.
CVE-2016-9984	1 Ibm	1 Maximo Asset Management	2017-06-16	6.5 MEDIUM	8.8 HIGH
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276.
CVE-2016-8987	1 Ibm	1 Maximo Asset Management	2017-06-12	4.0 MEDIUM	4.3 MEDIUM
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view.
CVE-2016-9977	1 Ibm	2 Maximo Asset Management, Maximo Asset Management Essentials	2017-06-12	6.5 MEDIUM	8.8 HIGH
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253.
CVE-2017-1291	1 Ibm	2 Maximo Asset Management, Maximo Asset Management Essentials	2017-05-31	3.5 LOW	5.4 MEDIUM
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152.
CVE-2017-1292	1 Ibm	2 Maximo Asset Management, Maximo Asset Management Essentials	2017-05-31	5.0 MEDIUM	5.3 MEDIUM
IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153.
CVE-2016-9976	1 Ibm	2 Maximo Asset Management, Maximo Asset Management Essentials	2017-05-12	6.8 MEDIUM	8.4 HIGH
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252.
CVE-2016-8924	1 Ibm	1 Maximo Asset Management	2017-05-03	4.3 MEDIUM	5.6 MEDIUM
IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 118537.
CVE-2015-0107	1 Ibm	11 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 8 more	2017-04-27	4.0 MEDIUM	6.5 MEDIUM
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors.

Vulnerabilities (CVE)