CVSS: 6.1EPSS: 0%CPEs: 26EXPL: 0CVE-2012-3333
https://notcve.org/view.php?id=CVE-2012-3333
26 May 2014 — CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL. Vulnerabilidad de inyección CRLF en IBM Maximo Asset Management 7.x anterior a 7.5.0.6 y SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 permite a atacantes remotos inyectar cabeceras HTTP arbitra... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV26377 •
CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0CVE-2013-2998
https://notcve.org/view.php?id=CVE-2013-2998
26 May 2014 — frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code. frontcontroller.jsp en IBM Maximo Asset Management 7.x anterior a 7.5.0.6 y SmartCloud Control Desk 7.x anterior a 7.5.0.3 y 7.5.1.x anterior a 7.5.1.2 permite a usuarios remotos autenticados obtener información sensible a través de un action_code inválido. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV34110 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 85EXPL: 0CVE-2013-5402
https://notcve.org/view.php?id=CVE-2013-5402
18 Dec 2013 — Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Serv... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV49268 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 21EXPL: 0CVE-2013-4019
https://notcve.org/view.php?id=CVE-2013-4019
01 Oct 2013 — Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 before 7.1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en IBM Maximo Asset Management 6.2 hasta la versión 6.2.8 y 7.1 anterior a 7.1.1.12 permite a usuarios remotos autenticados inyectar script web arbitrario o HTML a través de vectores sin especificar. • http://secunia.com/advisories/55068 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 26EXPL: 0CVE-2013-5382
https://notcve.org/view.php?id=CVE-2013-5382
01 Oct 2013 — IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5383. IBM Maximo Asset Management 6.2 hasta la versión 6.2.8, 7.1 anterior a 7.1.1.12, y 7.5 anterior a la versión 7.5.0.5 permite a usuarios remotos autenticados obtener privilegios a través de vectores sin especificar, una vulnerabilidad diferente a CVE-2013-5383. • http://secunia.com/advisories/55068 •
CVSS: 9.8EPSS: 1%CPEs: 23EXPL: 0CVE-2012-3323
https://notcve.org/view.php?id=CVE-2012-3323
01 Oct 2013 — IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors. IBM Maximo Asset Management 6.2 anterior a la versión 6.2.8, 7.1 anterior a 7.1.1.12, y 7.5 anterior a la versión 7.5.0.3 permite a atacantes remotos obtener privilegios a través de vectores sin especificar. • http://osvdb.org/97924 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 23EXPL: 0CVE-2013-4013
https://notcve.org/view.php?id=CVE-2013-4013
01 Oct 2013 — IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. IBM Maximo Asset Management 6.2 hasta la versión 6.2.8, 7.1 hasta 7.1.1.12, y 7.5 anterior a la versión 7.5.0.2 permite a atacantes remotos obtener información sensible a través de vectores sin especificar. • http://secunia.com/advisories/55068 •
CVSS: 8.8EPSS: 0%CPEs: 25EXPL: 0CVE-2013-5381
https://notcve.org/view.php?id=CVE-2013-5381
01 Oct 2013 — IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to gain privileges via unspecified vectors. IBM Maximo Asset Management 6.2 hasta la versión 6.2.8, y 7.1 hasta 7.1.1.12, y 7.5 anterior a la versión 7.5.0.3 permite a usuarios remotos autenticados obtener privilegios a través de vectores sin especificar. • http://secunia.com/advisories/55068 •
CVSS: 6.1EPSS: 0%CPEs: 26EXPL: 0CVE-2013-4014
https://notcve.org/view.php?id=CVE-2013-4014
01 Oct 2013 — Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en IBM Maximo Asset Management 6.2 hasta la versión 6.2.8, 7.1 anterior a 7.1.1.12, y 7.5 anterior a la versión 7.5.0.5 permite a atacantes remotos inyectar script web arbitrario o HTML a través de vectores sin especificar. • http://secunia.com/advisories/55068 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 17EXPL: 0CVE-2013-3049
https://notcve.org/view.php?id=CVE-2013-3049
01 Oct 2013 — IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3971. IBM Maximo Asset Management 7.1 hasta la versión 7.1.1.12 y 7.5 anterior a 7.5.0.5 permite a usuarios remotos autenticados evitar restricciones de acceso intencionadas a través de vectores sin especificar, una vulnerabilidad diferente a CVE-2013-3971. • http://secunia.com/advisories/55068 •