Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Maximo_asset_management
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 178 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-06-13 | CVE-2024-22333 | IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973. | Maximo_application_suite, Maximo_asset_management | 3.3 | ||
| 2024-11-11 | CVE-2024-45088 | IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Maximo_asset_management | 5.4 | ||
| 2019-06-06 | CVE-2018-2028 | IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554. | Control_desk, Maximo_asset_management, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk, Tivoli_integration_composer | 6.5 | ||
| 2019-06-19 | CVE-2019-4303 | IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949. | Control_desk, Maximo_asset_management, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk, Tivoli_integration_composer | 5.4 | ||
| 2019-06-19 | CVE-2019-4364 | IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680. | Control_desk, Maximo_asset_management, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk, Tivoli_integration_composer | 8.0 | ||
| 2019-06-06 | CVE-2019-4048 | IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311. | Control_desk, Maximo_asset_management, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk, Tivoli_integration_composer | 2.1 | ||
| 2019-06-06 | CVE-2019-4056 | IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565. | Control_desk, Maximo_asset_management, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk, Tivoli_integration_composer | 4.3 | ||
| 2019-07-17 | CVE-2019-4430 | IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162887. | Maximo_asset_management | 7.5 | ||
| 2020-04-17 | CVE-2019-4446 | IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490. | Control_desk, Maximo_asset_configuration_manager, Maximo_asset_health_insights, Maximo_asset_management, Maximo_asset_management_scheduler, Maximo_asset_management_scheduler_plus, Maximo_calibration, Maximo_enterprise_adapter, Maximo_equipment_maintenance_assistant_on\-Premises, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_service_providers, Maximo_for_transportation, Maximo_for_utilities, Maximo_linear_asset_manager, Maximo_network_on_blockchain, Tivoli_integration_composer | 5.4 | ||
| 2020-05-12 | CVE-2019-4478 | IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998. | Maximo_asset_management | 6.5 |