CVE-2020-4409
- EPSS 0.16%
- Published 16.09.2020 16:15:15
- Last modified 21.11.2024 05:32:42
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redi...
- EPSS 13.08%
- Published 15.09.2020 14:15:14
- Last modified 21.11.2024 05:32:50
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending a specially-crafted request, an attacker could exploit this vulnera...
CVE-2020-4526
- EPSS 0.09%
- Published 15.09.2020 14:15:14
- Last modified 21.11.2024 05:32:50
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436.
CVE-2019-4671
- EPSS 0.15%
- Published 15.09.2020 14:15:13
- Last modified 21.11.2024 04:43:57
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force...
CVE-2019-4582
- EPSS 0.18%
- Published 13.08.2020 12:15:17
- Last modified 21.11.2024 04:43:46
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X...
CVE-2020-4463
- EPSS 87.55%
- Published 29.07.2020 14:15:13
- Last modified 21.11.2024 05:32:45
IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. I...
CVE-2019-4591
- EPSS 0.04%
- Published 13.07.2020 14:15:10
- Last modified 21.11.2024 04:43:46
IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate the session after logout, which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451.
CVE-2019-4650
- EPSS 0.39%
- Published 26.06.2020 14:15:10
- Last modified 21.11.2024 04:43:55
IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170...
CVE-2020-4223
- EPSS 0.18%
- Published 26.06.2020 14:15:10
- Last modified 21.11.2024 05:32:25
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discl...
CVE-2020-4529
- EPSS 0.07%
- Published 08.06.2020 13:15:15
- Last modified 21.11.2024 05:32:51
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other ...