CVSS: 9.8EPSS: 0%CPEs: 40EXPL: 0CVE-2013-3323
https://notcve.org/view.php?id=CVE-2013-3323
A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. Se presenta una vulnerabilidad de escalada de privilegios en IBM Maximo Asset Management versiones 7.5, 7.1 y 6.2, cuando WebSeal con Autenticación Básica es usado, debido a un fallo al invalidar la sesión de autenticación, lo que podría permitir a un usuario malicioso obtener acceso no autorizado. • http://www.securityfocus.com/bid/62685 https://exchange.xforce.ibmcloud.com/vulnerabilities/77920?_ga=2.229912220.1881683942.1582039056-713214152.1572980240 https://www.ibm.com/support/pages/node/235239 • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0CVE-2015-5016
https://notcve.org/view.php?id=CVE-2015-5016
IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460. IBM Maximo Asset Management 7.1, 7.5 y 7.6; Maximo Asset Management Essentials 7.1 y 7.5; Control Desk 7.5 y 7.6; Tivoli Asset Management for IT 7.1 y 7.2; así como otros productos de IBM permiten que usuarios autenticados remotos omitan las restricciones de acceso previstas y lean entradas del registro de tareas de tickets arbitrarias mediante vectores sin especificar. IBM X-Force ID: 106460. • http://www-01.ibm.com/support/docview.wss?uid=swg21971160 https://exchange.xforce.ibmcloud.com/vulnerabilities/106460 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 1CVE-2015-0104 – IBM Tivoli Service Automation Manager 7.2.4 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-0104
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors. IBM Tivoli IT Asset Management para IT, Tivoli Service Request Manager, y Change y Configuration Management Database 7.1 en versiones hasta 7.1.1.8 y 7.2 y Maximo Asset Management y Maximo Industry Solutions 7.1 en versiones hasta 7.1.1.8, 7.5 en versiones anteriores a 7.5.0.7 IFIX003, y 7.6 en versiones anteriores a 7.6.0.0 IFIX002 permite a los usuarios autenticados remotos ejecutar código arbitrario a través de vectores no especificados. • https://www.exploit-db.com/exploits/36002 http://www-01.ibm.com/support/docview.wss?uid=swg21694974 http://www.securityfocus.com/bid/97999 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 1CVE-2015-0107 – IBM Tivoli Service Automation Manager 7.2.4 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-0107
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors. IBM Tivoli IT Asset Management para IT, Tivoli Service Request Manager, y Change y Configuration Management Database 7.1 en versiones hasta 7.1.1.8 y 7.2 y Maximo Asset Management y Maximo Industry Solutions 7.1 en versiones hasta 7.1.1.8, 7.5 en versiones anteriores a 7.5.0.7 IFIX003, y 7.6 en versiones anteriores a 7.6.0.0 IFIX002 permite a los usuarios autenticados remotos realizar ataques de desplazamiento de directorios a través de vectores no especificados. • https://www.exploit-db.com/exploits/36002 http://www-01.ibm.com/support/docview.wss?uid=swg21694974 http://www.securityfocus.com/bid/97998 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 27EXPL: 0CVE-2016-5902
https://notcve.org/view.php?id=CVE-2016-5902
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Maximo Asset Management es vulnerable a XSS. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la interfaz Web alterando así la funcionalidad intencionada conduciendo potencialmente a la divulgación de credenciales en una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21988252 http://www.securityfocus.com/bid/92535 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •