CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2016-8924
https://notcve.org/view.php?id=CVE-2016-8924
26 Apr 2017 — IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 118537. IBM Maximo Asset Management 7.1, 7.5 y 7.6 podrían permitir a un atacante remoto secuestrar la sesión de un usuario debido a un error de validación del identificador de sesión. • http://www.ibm.com/support/docview.wss?uid=swg21996256 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 1CVE-2015-0104 – IBM Tivoli Service Automation Manager 7.2.4 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-0104
24 Apr 2017 — IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors. IBM Tivoli IT Asset Management para IT, Tivoli Service Request Manager, y Change y Configuration Management Database 7.1 en versiones hasta 7.... • https://www.exploit-db.com/exploits/36002 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 1CVE-2015-0107 – IBM Tivoli Service Automation Manager 7.2.4 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-0107
24 Apr 2017 — IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors. IBM Tivoli IT Asset Management para IT, Tivoli Service Request Manager, y Change y Configuration Management Database 7.1 en versi... • https://www.exploit-db.com/exploits/36002 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 2.9EPSS: 0%CPEs: 32EXPL: 0CVE-2017-1124
https://notcve.org/view.php?id=CVE-2017-1124
07 Mar 2017 — IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053. IBM Maximo Asset Management 7.1, 7.5 y 7.6 podría permitir a un atacante local obtener información sensible utilizando inyección de encabezado HTTP. Referencia de IBM #: 1998053. • http://www.ibm.com/support/docview.wss?uid=swg21998053 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 27EXPL: 0CVE-2016-5902
https://notcve.org/view.php?id=CVE-2016-5902
08 Feb 2017 — IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Maximo Asset Management es vulnerable a XSS. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la interfaz Web alterando así la funcionalidad intencionada conduciendo potencialmente a la divulgación de credenciales e... • http://www.ibm.com/support/docview.wss?uid=swg21988252 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 12EXPL: 0CVE-2016-6072
https://notcve.org/view.php?id=CVE-2016-6072
01 Feb 2017 — IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Maximo Asset Management es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a ... • http://www.ibm.com/support/docview.wss?uid=swg21991893 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-5896
https://notcve.org/view.php?id=CVE-2016-5896
01 Feb 2017 — IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser. IBM Maximo Asset Management podría revelar información sensible de una traza de pila después de la presentación de inicio de sesión incorrecto en el navegador de Cognos. • http://www.ibm.com/support/docview.wss?uid=swg21987855 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 15EXPL: 0CVE-2016-5905
https://notcve.org/view.php?id=CVE-2016-5905
30 Nov 2016 — Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.10 IF3 y 7.6 en versiones anteriores a 7.6.0.5 IF2 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21988253 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 31EXPL: 0CVE-2016-5987
https://notcve.org/view.php?id=CVE-2016-5987
30 Nov 2016 — IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers construction of a runtime error message. IBM Maximo Asset Management 7.1 hasta la versión 7.1.1.13, 7.5 en versiones anteriores a 7.5.0.10 IF4 y 7.6 en versiones anteriores a 7.6.0.5 IF3 permite a atacantes remotos obtener información sensible a través de una petición HTTP manipulada que desencadena las construc... • http://www-01.ibm.com/support/docview.wss?uid=swg21990449 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 0CVE-2016-0393
https://notcve.org/view.php?id=CVE-2016-0393
17 Jul 2016 — IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and 7.6 before 7.6.0.5-TIV-MAMMT-FP001 allows remote attackers to obtain sensitive URL information by reading log files. IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.10-TIV-MBS-IFIX002 y 7.6 en versiones anteriores a 7.6.0.5-TIV-MAMMT-FP001 permite a atacantes remotos obtener información sensible de URL leyendo archivos de registro. • http://www-01.ibm.com/support/docview.wss?uid=swg21986053 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •