Ibm

Maximo Asset Management Essentials

51 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2013-3323

  • EPSS 0.53%
  • Published 18.02.2020 17:15:12
  • Last modified 21.11.2024 01:53:23

A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthori...

4.3

CVE-2015-5016

  • EPSS 0.11%
  • Published 27.03.2018 17:29:00
  • Last modified 21.11.2024 02:32:11

IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended ac...

8.8

CVE-2018-1414

  • EPSS 0.62%
  • Published 22.02.2018 19:29:03
  • Last modified 21.11.2024 03:59:46

IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID:...

8.8

CVE-2017-1499

  • EPSS 1.96%
  • Published 14.02.2018 15:29:00
  • Last modified 21.11.2024 03:21:58

IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106.

6.1

CVE-2017-1558

  • EPSS 0.18%
  • Published 13.12.2017 18:29:00
  • Last modified 20.04.2025 01:37:25

IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoo...

4.3

CVE-2017-1357

  • EPSS 0.22%
  • Published 09.08.2017 18:29:01
  • Last modified 20.04.2025 01:37:25

IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684.

8.8

CVE-2016-9977

  • EPSS 1.05%
  • Published 07.06.2017 17:29:00
  • Last modified 20.04.2025 01:37:25

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's ...

5.3

CVE-2017-1292

  • EPSS 0.19%
  • Published 26.05.2017 16:29:00
  • Last modified 20.04.2025 01:37:25

IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153.

5.4

CVE-2017-1291

  • EPSS 0.15%
  • Published 26.05.2017 16:29:00
  • Last modified 20.04.2025 01:37:25

IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This wou...

8.4

CVE-2016-9976

  • EPSS 2.21%
  • Published 03.05.2017 17:59:00
  • Last modified 20.04.2025 01:37:25

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. I...