2019-06-06 | CVE-2019-4056 | IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565. | Control_desk, Maximo_asset_management, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk, Tivoli_integration_composer | 4.3 | | |
2020-04-17 | CVE-2019-4446 | IBM Maximo Asset Management 7.6 could allow an authenticated user to perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490. | Control_desk, Maximo_asset_configuration_manager, Maximo_asset_health_insights, Maximo_asset_management, Maximo_asset_management_scheduler, Maximo_asset_management_scheduler_plus, Maximo_calibration, Maximo_enterprise_adapter, Maximo_equipment_maintenance_assistant_on-Premises, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_service_providers, Maximo_for_transportation, Maximo_for_utilities, Maximo_linear_asset_manager, Maximo_network_on_blockchain, Tivoli_integration_composer | 5.4 | | |
2020-04-17 | CVE-2019-4749 | IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308. | Control_desk, Maximo_asset_configuration_manager, Maximo_asset_health_insights, Maximo_asset_management, Maximo_asset_management_scheduler, Maximo_asset_management_scheduler_plus, Maximo_calibration, Maximo_enterprise_adapter, Maximo_equipment_maintenance_assistant, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_service_providers, Maximo_for_transportation, Maximo_for_utilities, Maximo_linear_asset_manager, Maximo_network_on_blockchain, Maximo_spatial_asset_management, Tivoli_integration_composer | N/A | | |
2020-04-17 | CVE-2019-4644 | IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880. | Control_desk, Maximo_asset_configuration_manager, Maximo_asset_health_insights, Maximo_asset_management, Maximo_asset_management_scheduler, Maximo_asset_management_scheduler_plus, Maximo_calibration, Maximo_enterprise_adapter, Maximo_equipment_maintenance_assistant, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_service_providers, Maximo_for_transportation, Maximo_for_utilities, Maximo_linear_asset_manager, Maximo_network_on_blockchain, Maximo_spatial_asset_management, Tivoli_integration_composer | N/A | | |
2020-02-24 | CVE-2019-4745 | IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. IBM X-Force ID: 172883. | Maximo_asset_management, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities | N/A | | |
2020-02-19 | CVE-2019-4429 | IBM Maximo Asset Management 7.6.0 and 7.6.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886. | Control_desk, Maximo_anywhere, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk, Tivoli_integration_composer | N/A | | |
2020-02-18 | CVE-2013-3323 | A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. | Change_and_configuration_management_database, Maximo_asset_management, Maximo_asset_management_essentials, Maximo_for_government, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Maximo_service_desk, Smartcloud_control_desk, Tivoli_asset_management_for_it, Tivoli_service_request_manager | N/A | | |
2019-10-24 | CVE-2019-4486 | IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070. | Maximo_asset_management, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk, Tivoli_integration_composer | N/A | | |
2018-08-06 | CVE-2018-1528 | IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290. | Maximo_asset_management, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk | 4.3 | | |
2018-08-03 | CVE-2018-1524 | IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116. | Maximo_asset_management, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk | 8.8 | | |