Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Maximo_asset_management
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 178 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-09-15 | CVE-2019-4671 | IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437. | Maximo_asset_management | N/A | ||
| 2020-08-13 | CVE-2019-4582 | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 167288. | Maximo_asset_management | N/A | ||
| 2020-07-13 | CVE-2019-4591 | IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451. | Maximo_asset_management | N/A | ||
| 2020-06-26 | CVE-2019-4650 | IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961. | Maximo_asset_management | N/A | ||
| 2020-04-17 | CVE-2019-4749 | IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308. | Control_desk, Maximo_asset_configuration_manager, Maximo_asset_health_insights, Maximo_asset_management, Maximo_asset_management_scheduler, Maximo_asset_management_scheduler_plus, Maximo_calibration, Maximo_enterprise_adapter, Maximo_equipment_maintenance_assistant, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_service_providers, Maximo_for_transportation, Maximo_for_utilities, Maximo_linear_asset_manager, Maximo_network_on_blockchain, Maximo_spatial_asset_management, Tivoli_integration_composer | N/A | ||
| 2020-04-17 | CVE-2019-4644 | IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880. | Control_desk, Maximo_asset_configuration_manager, Maximo_asset_health_insights, Maximo_asset_management, Maximo_asset_management_scheduler, Maximo_asset_management_scheduler_plus, Maximo_calibration, Maximo_enterprise_adapter, Maximo_equipment_maintenance_assistant, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_service_providers, Maximo_for_transportation, Maximo_for_utilities, Maximo_linear_asset_manager, Maximo_network_on_blockchain, Maximo_spatial_asset_management, Tivoli_integration_composer | N/A | ||
| 2020-02-24 | CVE-2019-4745 | IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. IBM X-Force ID: 172883. | Maximo_asset_management, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities | N/A | ||
| 2020-02-20 | CVE-2019-4583 | IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 167289. | Maximo_asset_management | N/A | ||
| 2020-02-18 | CVE-2013-3323 | A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. | Change_and_configuration_management_database, Maximo_asset_management, Maximo_asset_management_essentials, Maximo_for_government, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Maximo_service_desk, Smartcloud_control_desk, Tivoli_asset_management_for_it, Tivoli_service_request_manager | N/A | ||
| 2019-11-20 | CVE-2019-4530 | IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. IBM X-Force ID: 165586. | Maximo_asset_management | N/A |