Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Maximo_asset_management
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 178 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-08-27 | CVE-2021-29744 | IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201694. | Maximo_application_suite, Maximo_asset_management | 5.4 | ||
| 2021-08-30 | CVE-2021-29743 | IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201693. | Maximo_application_suite, Maximo_asset_management | 5.4 | ||
| 2022-02-18 | CVE-2021-38935 | IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 210892. | Maximo_asset_management | 7.5 | ||
| 2022-04-21 | CVE-2022-22435 | IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Maximo_asset_management | 5.4 | ||
| 2022-04-21 | CVE-2022-22436 | IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224164. | Maximo_asset_management | 5.4 | ||
| 2022-05-03 | CVE-2021-29854 | IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 205680. | Maximo_application_suite, Maximo_asset_management | 7.2 | ||
| 2022-08-26 | CVE-2022-35714 | IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231116. | Maximo_asset_management | 5.4 | ||
| 2022-09-14 | CVE-2021-38924 | IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 210163. | Maximo_application_suite, Maximo_asset_management | 7.5 | ||
| 2022-09-21 | CVE-2022-40616 | IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or perform tasks they should not have access to. IBM X-Force ID: 236311. | Maximo_asset_management | 8.1 | ||
| 2023-01-09 | CVE-2022-35281 | IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335. | Maximo_application_suite, Maximo_asset_management | 8.8 |