CVE-2013-3048
https://notcve.org/view.php?id=CVE-2013-3048
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en IBM Maximo Asset Management 6.2 hasta la versión 6.2.8, 7.1 hasta 7.1.1.12, y 7.5 anterior a la versión 7.5.0.3 permite a usuarios remotos autenticados inyectar script web o HTML arbitrario a través de vectores sin especificar. • http://secunia.com/advisories/55068 http://secunia.com/advisories/55070 http://www-01.ibm.com/support/docview.wss?uid=swg1IV36375 http://www-01.ibm.com/support/docview.wss?uid=swg21651085 https://exchange.xforce.ibmcloud.com/vulnerabilities/84845 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-4027
https://notcve.org/view.php?id=CVE-2013-4027
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. IBM Maximo Asset Management 6.2 hasta la versión 6.2.8, 7.1 hasta 7.1.1.12, y 7.5 anterior a la versión 7.5.0.5 permite a usuarios remotos autenticados evadir restricciones de acceso intencionadas a través de vectores sin especificar. • http://secunia.com/advisories/55068 http://secunia.com/advisories/55070 http://www-01.ibm.com/support/docview.wss?uid=swg1IV43491 http://www-01.ibm.com/support/docview.wss?uid=swg21651085 https://exchange.xforce.ibmcloud.com/vulnerabilities/86064 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-5380
https://notcve.org/view.php?id=CVE-2013-5380
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows local users to obtain sensitive information via unspecified vectors. IBM Maximo Asset Management 6.2 hasta la versión 6.2.8, 7.1 anterior a 7.1.1.12, y 7.5 anterior a la versión 7.5.0.5 permite a usuarios locales obtener información sensible a través de vectores sin especificar. • http://secunia.com/advisories/55068 http://secunia.com/advisories/55070 http://www-01.ibm.com/support/docview.wss?uid=swg1IV33364 http://www-01.ibm.com/support/docview.wss?uid=swg21651085 https://exchange.xforce.ibmcloud.com/vulnerabilities/86931 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-3047
https://notcve.org/view.php?id=CVE-2013-3047
IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors. IBM Maximo Asset Management 7.1 anterior a la versión 7.1.1.12 y 7.5 anterior a 7.5.0.5 permite a usuarios remotos autenticados obtener privilegios a través de vectores sin especificar. • http://secunia.com/advisories/55068 http://www-01.ibm.com/support/docview.wss?uid=swg1IV35721 http://www-01.ibm.com/support/docview.wss?uid=swg21651085 https://exchange.xforce.ibmcloud.com/vulnerabilities/84844 •
CVE-2012-3327
https://notcve.org/view.php?id=CVE-2012-3327
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management v6.2 hasta v7.5, Maximo Asset Management Essentials v6.2 hasta v7.5, Tivoli Asset Management for IT v6.2 hasta v7.2, Tivoli Service Request Manager v7.1 y v7.2, Maximo Service Desk v6.2, Change and Configuration Management Database (CCMDB) v7.1 y v7.2, y SmartCloud Control Desk v7.5 que permite ataques remotos que inyectan comandos web o HTML a través de vectores relacionados con una acción de registro. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698 http://www-01.ibm.com/support/docview.wss?uid=swg21625624 https://exchange.xforce.ibmcloud.com/vulnerabilities/78039 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •