Product:

Tivoli_integration_composer

(Ibm)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 13
Date Id Summary Products Score Patch Annotated
2019-06-19 CVE-2019-4364 IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680. Control_desk, Maximo_asset_management, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk, Tivoli_integration_composer 8.0
2019-06-06 CVE-2019-4048 IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311. Control_desk, Maximo_asset_management, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk, Tivoli_integration_composer 2.1
2019-06-06 CVE-2019-4056 IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565. Control_desk, Maximo_asset_management, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk, Tivoli_integration_composer 4.3
2020-04-17 CVE-2019-4446 IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490. Control_desk, Maximo_asset_configuration_manager, Maximo_asset_health_insights, Maximo_asset_management, Maximo_asset_management_scheduler, Maximo_asset_management_scheduler_plus, Maximo_calibration, Maximo_enterprise_adapter, Maximo_equipment_maintenance_assistant_on\-Premises, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_service_providers, Maximo_for_transportation, Maximo_for_utilities, Maximo_linear_asset_manager, Maximo_network_on_blockchain, Tivoli_integration_composer 5.4
2020-04-17 CVE-2019-4749 IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308. Control_desk, Maximo_asset_configuration_manager, Maximo_asset_health_insights, Maximo_asset_management, Maximo_asset_management_scheduler, Maximo_asset_management_scheduler_plus, Maximo_calibration, Maximo_enterprise_adapter, Maximo_equipment_maintenance_assistant, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_service_providers, Maximo_for_transportation, Maximo_for_utilities, Maximo_linear_asset_manager, Maximo_network_on_blockchain, Maximo_spatial_asset_management, Tivoli_integration_composer N/A
2020-04-17 CVE-2019-4644 IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880. Control_desk, Maximo_asset_configuration_manager, Maximo_asset_health_insights, Maximo_asset_management, Maximo_asset_management_scheduler, Maximo_asset_management_scheduler_plus, Maximo_calibration, Maximo_enterprise_adapter, Maximo_equipment_maintenance_assistant, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_service_providers, Maximo_for_transportation, Maximo_for_utilities, Maximo_linear_asset_manager, Maximo_network_on_blockchain, Maximo_spatial_asset_management, Tivoli_integration_composer N/A
2020-02-19 CVE-2019-4429 IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886. Control_desk, Maximo_anywhere, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk, Tivoli_integration_composer N/A
2019-10-24 CVE-2019-4486 IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070. Maximo_asset_management, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk, Tivoli_integration_composer N/A
2019-10-09 CVE-2019-4512 IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554. Control_desk, Maximo_asset_management, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk, Tivoli_integration_composer N/A
2017-02-01 CVE-2016-6072 IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Maximo_asset_management, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_transportation, Maximo_for_utilities, Smartcloud_control_desk, Tivoli_asset_management_for_it, Tivoli_change_and_configuration_management_database, Tivoli_integration_composer, Tivoli_service_request_manager 5.4