Ibm

Maximo Application Suite

30 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2023-27861

  • EPSS 0.03%
  • Veröffentlicht 05.06.2023 01:15:45
  • Zuletzt bearbeitet 21.11.2024 07:53:35

IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques. IBM X-Force ID: 249208.

5.4

CVE-2022-35645

  • EPSS 0.1%
  • Veröffentlicht 02.03.2023 21:15:10
  • Zuletzt bearbeitet 21.11.2024 07:11:25

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intend...

5.5

CVE-2022-43923

  • EPSS 0.02%
  • Veröffentlicht 24.02.2023 15:15:11
  • Zuletzt bearbeitet 21.11.2024 07:27:22

IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. IBM X-Force ID: 241584.

7.5

CVE-2022-41734

  • EPSS 0.03%
  • Veröffentlicht 17.02.2023 18:15:11
  • Zuletzt bearbeitet 21.11.2024 07:23:45

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. ...

8.8

CVE-2022-35281

  • EPSS 0.17%
  • Veröffentlicht 09.01.2023 08:15:12
  • Zuletzt bearbeitet 21.11.2024 07:11:02

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335.

5.5

CVE-2022-41732

  • EPSS 0.04%
  • Veröffentlicht 28.11.2022 17:15:10
  • Zuletzt bearbeitet 21.11.2024 07:23:45

IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 237407.

7.5

CVE-2021-38924

  • EPSS 0.26%
  • Veröffentlicht 14.09.2022 17:15:10
  • Zuletzt bearbeitet 21.11.2024 06:18:13

IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IB...

7.2

CVE-2021-29854

  • EPSS 0.06%
  • Veröffentlicht 03.05.2022 19:15:07
  • Zuletzt bearbeitet 21.11.2024 06:01:55

IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inj...

5.4

CVE-2021-29743

  • EPSS 0.15%
  • Veröffentlicht 30.08.2021 17:15:07
  • Zuletzt bearbeitet 21.11.2024 06:01:43

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dis...

5.4

CVE-2021-29744

  • EPSS 0.16%
  • Veröffentlicht 27.08.2021 16:15:07
  • Zuletzt bearbeitet 21.11.2024 06:01:43

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...