Maximo_for_transportation - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Maximo_for_transportation
(Ibm)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	46

Date	Id	Summary	Products	Score	Patch	Annotated
2020-02-19	CVE-2019-4429	IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886.	Control_desk, Maximo_anywhere, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk, Tivoli_integration_composer	N/A
2020-02-18	CVE-2013-3323	A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.	Change_and_configuration_management_database, Maximo_asset_management, Maximo_asset_management_essentials, Maximo_for_government, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Maximo_service_desk, Smartcloud_control_desk, Tivoli_asset_management_for_it, Tivoli_service_request_manager	N/A
2019-10-24	CVE-2019-4486	IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.	Maximo_asset_management, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk, Tivoli_integration_composer	N/A
2018-08-06	CVE-2018-1528	IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290.	Maximo_asset_management, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk	4.3
2018-08-03	CVE-2018-1524	IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116.	Maximo_asset_management, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk	8.8
2019-10-09	CVE-2019-4512	IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.	Control_desk, Maximo_asset_management, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk, Tivoli_integration_composer	N/A
2017-02-01	CVE-2016-6072	IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.	Maximo_asset_management, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk, Tivoli_asset_management_for_it, Tivoli_change_and_configuration_management_database, Tivoli_integration_composer, Tivoli_service_request_manager	5.4
2017-02-08	CVE-2016-5902	IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.	Maximo_asset_management, Maximo_for_aviation, Maximo_for_energy_optimization, Maximo_for_government, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities	6.1
2017-02-01	CVE-2016-5896	IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser.	Maximo_asset_management, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation	5.3
2016-03-14	CVE-2016-0222	IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors.	Maximo_asset_management, Maximo_for_government, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk	4.3