Ibm

Maximo Asset Management

182 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.2

CVE-2020-4409

  • EPSS 0.16%
  • Veröffentlicht 16.09.2020 16:15:15
  • Zuletzt bearbeitet 21.11.2024 05:32:42

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redi...

9

CVE-2020-4521

  • EPSS 13.08%
  • Veröffentlicht 15.09.2020 14:15:14
  • Zuletzt bearbeitet 21.11.2024 05:32:50

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnera...

4.3

CVE-2020-4526

  • EPSS 0.09%
  • Veröffentlicht 15.09.2020 14:15:14
  • Zuletzt bearbeitet 21.11.2024 05:32:50

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436.

6.5

CVE-2019-4671

  • EPSS 0.15%
  • Veröffentlicht 15.09.2020 14:15:13
  • Zuletzt bearbeitet 21.11.2024 04:43:57

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force...

4.3

CVE-2019-4582

  • EPSS 0.18%
  • Veröffentlicht 13.08.2020 12:15:17
  • Zuletzt bearbeitet 21.11.2024 04:43:46

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X...

8.2

CVE-2020-4463

  • EPSS 87.55%
  • Veröffentlicht 29.07.2020 14:15:13
  • Zuletzt bearbeitet 21.11.2024 05:32:45

IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. I...

7.8

CVE-2019-4591

  • EPSS 0.04%
  • Veröffentlicht 13.07.2020 14:15:10
  • Zuletzt bearbeitet 21.11.2024 04:43:46

IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451.

6.5

CVE-2019-4650

  • EPSS 0.39%
  • Veröffentlicht 26.06.2020 14:15:10
  • Zuletzt bearbeitet 21.11.2024 04:43:55

IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170...

5.4

CVE-2020-4223

  • EPSS 0.18%
  • Veröffentlicht 26.06.2020 14:15:10
  • Zuletzt bearbeitet 21.11.2024 05:32:25

IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discl...

7.4

CVE-2020-4529

  • EPSS 0.07%
  • Veröffentlicht 08.06.2020 13:15:15
  • Zuletzt bearbeitet 21.11.2024 05:32:51

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other ...