Ibm

Maximo Asset Management

182 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2018-1698

  • EPSS 0.19%
  • Published 13.09.2018 15:29:00
  • Last modified 21.11.2024 04:00:13

IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages. IBM X-Force ID: 145967.

8.8

CVE-2018-1699

  • EPSS 0.49%
  • Published 24.08.2018 10:29:05
  • Last modified 21.11.2024 04:00:13

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-For...

5.4

CVE-2018-1715

  • EPSS 0.21%
  • Published 16.08.2018 13:29:00
  • Last modified 21.11.2024 04:00:14

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu...

4.3

CVE-2018-1528

  • EPSS 0.16%
  • Published 06.08.2018 14:29:00
  • Last modified 21.11.2024 03:59:57

IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290.

9

CVE-2018-1524

  • EPSS 0.39%
  • Published 03.08.2018 15:29:00
  • Last modified 21.11.2024 03:59:57

IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID:...

5.4

CVE-2018-1554

  • EPSS 0.22%
  • Published 02.08.2018 14:29:00
  • Last modified 21.11.2024 04:00:00

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tr...

4.3

CVE-2015-5016

  • EPSS 0.11%
  • Published 27.03.2018 17:29:00
  • Last modified 21.11.2024 02:32:11

IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended ac...

8.8

CVE-2018-1414

  • EPSS 0.62%
  • Published 22.02.2018 19:29:03
  • Last modified 21.11.2024 03:59:46

IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID:...

5.4

CVE-2018-1415

  • EPSS 0.27%
  • Published 22.02.2018 19:29:03
  • Last modified 21.11.2024 03:59:46

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tr...

8.8

CVE-2017-1499

  • EPSS 1.96%
  • Published 14.02.2018 15:29:00
  • Last modified 21.11.2024 03:21:58

IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106.