39 results (0.011 seconds)

CVSS: 8.2EPSS: 0%CPEs: 42EXPL: 0

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537. IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, podrían permitir a un atacante remoto conducir ataques de phishing usando un ataque de tabnabbing. • https://exchange.xforce.ibmcloud.com/vulnerabilities/179537 https://www.ibm.com/support/pages/node/6333091 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 9.8EPSS: 0%CPEs: 40EXPL: 0

A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. Se presenta una vulnerabilidad de escalada de privilegios en IBM Maximo Asset Management versiones 7.5, 7.1 y 6.2, cuando WebSeal con Autenticación Básica es usado, debido a un fallo al invalidar la sesión de autenticación, lo que podría permitir a un usuario malicioso obtener acceso no autorizado. • http://www.securityfocus.com/bid/62685 https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240 https://www.ibm.com/support/pages/node/235239 • CWE-269: Improper Privilege Management •

CVSS: 4.9EPSS: 0%CPEs: 45EXPL: 0

IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2.8, 7.1, and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended write-access restrictions on calendar entries via unspecified vectors. IBM Maximo Asset Management 6.1 hasta 6.5, 7.1 hasta 7.1.1.13, y 7.5 hasta 7.5.0.6; Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk; y Maximo Asset Management 6.2.8, 7.1, y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos permite a usuarios remotos autenticados evadir las restricciones de acceso a la escritura en las entradas de calendarios a través de vectores no especificados. • http://secunia.com/advisories/60408 http://secunia.com/advisories/60453 http://www-01.ibm.com/support/docview.wss?uid=swg1IV61274 http://www-01.ibm.com/support/docview.wss?uid=swg21681020 http://www.securitytracker.com/id/1030780 https://exchange.xforce.ibmcloud.com/vulnerabilities/93955 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 3.5EPSS: 0%CPEs: 99EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field. Múltiples vulnerabilidades de XSS en IBM Maximo Asset Management 6.2 hasta 6.2.8, 6.x y 7.1 hasta 7.1.1.2 y 7.5 hasta 7.5.0.6; Maximo Asset Management 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk; y Maximo Asset Management 6.2 hasta 6.2.8, 7.1 hasta 7.1.1.2 y 7.2 para Tivoli Asset Management for IT y ciertos otros productos permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de (1) el campo KPI display name o (2) un campo portlet. • http://secunia.com/advisories/59570 http://secunia.com/advisories/59640 http://www-01.ibm.com/support/docview.wss?uid=swg1IV56680 http://www-01.ibm.com/support/docview.wss?uid=swg21678894 http://www.securityfocus.com/archive/1/533110/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/91884 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 99EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field. Vulnerabilidad de XSS en IBM Maximo Asset Management 6.2 hasta 6.2.8 y 6.x y 7.x hasta 7.5.0.6, Maximo Asset Management 7.5 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk y Maximo Asset Management 6.2 hasta 6.2.8 para Tivoli IT Asset Management for IT y Maximo Service Desk permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del campo Query Description. • http://secunia.com/advisories/59570 http://secunia.com/advisories/59640 http://www-01.ibm.com/support/docview.wss?uid=swg1IV56679 http://www-01.ibm.com/support/docview.wss?uid=swg21678885 http://www.securityfocus.com/archive/1/533110/100/0/threaded http://www.securityfocus.com/bid/68839 https://exchange.xforce.ibmcloud.com/vulnerabilities/91883 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •