CVE-2012-6357
https://notcve.org/view.php?id=CVE-2012-6357
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors. IBM Maximo Asset Management v7.5, Maximo Asset Management Essentials v7.5, y v7.5 SmartCloud Control Desk permite a usuarios remotos autenticados obtener privilegios y eludir las restricciones destinadas a las operaciones de búsqueda de activos a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV23511 http://www-01.ibm.com/support/docview.wss?uid=swg21625624 https://exchange.xforce.ibmcloud.com/vulnerabilities/80749 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-3327
https://notcve.org/view.php?id=CVE-2012-3327
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management v6.2 hasta v7.5, Maximo Asset Management Essentials v6.2 hasta v7.5, Tivoli Asset Management for IT v6.2 hasta v7.2, Tivoli Service Request Manager v7.1 y v7.2, Maximo Service Desk v6.2, Change and Configuration Management Database (CCMDB) v7.1 y v7.2, y SmartCloud Control Desk v7.5 que permite ataques remotos que inyectan comandos web o HTML a través de vectores relacionados con una acción de registro. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698 http://www-01.ibm.com/support/docview.wss?uid=swg21625624 https://exchange.xforce.ibmcloud.com/vulnerabilities/78039 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-6356
https://notcve.org/view.php?id=CVE-2012-6356
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation. IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, y SmartCloud Control Desk 7.5 permite a usuarios remotos autenticados para obtener privilegios a través de vectores relacionados con una operación de importación. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV27329 http://www-01.ibm.com/support/docview.wss?uid=swg21625624 https://exchange.xforce.ibmcloud.com/vulnerabilities/80748 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-0457
https://notcve.org/view.php?id=CVE-2013-0457
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management v7.5, Maximo Asset Management Essentials v7.5, y SmartCloud Control Desk v7.5 que permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores relacionados con un identificador de sesión de la interfaz de usuario (uisessionid). • http://www-01.ibm.com/support/docview.wss?uid=swg1IV20590 http://www-01.ibm.com/support/docview.wss?uid=swg21625624 https://exchange.xforce.ibmcloud.com/vulnerabilities/81011 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-3321
https://notcve.org/view.php?id=CVE-2012-3321
IBM SmartCloud Control Desk 7.5 allows remote authenticated users to bypass intended access restrictions via vectors involving an expired password. IBM SmartCloud Control Desk v7.5, permite a usuarios autenticados remotamente evitar las restricciones de acceso implementadas a través de vectores que involucran a la caducidad de la contraseña. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV25198 http://www-01.ibm.com/support/docview.wss?uid=swg21625624 https://exchange.xforce.ibmcloud.com/vulnerabilities/77916 • CWE-264: Permissions, Privileges, and Access Controls •