CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2013-3973
https://notcve.org/view.php?id=CVE-2013-3973
01 Oct 2013 — SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en IBM Maximo Asset Management 7.1 anterior a la versión 7.1.1.12 y 7.5 anterior a la versión 7.5.0.5 permite a atacantes remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores sin especificar. • http://secunia.com/advisories/55068 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.2EPSS: 1%CPEs: 26EXPL: 0CVE-2013-5395
https://notcve.org/view.php?id=CVE-2013-5395
01 Oct 2013 — IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to bypass intended access restrictions via unspecified vectors. IBM Maximo Asset Management 6.2 hasta la versión 6.2.8, 7.1 anterior a la versión 7.1.1.12, y 7.5 anterior a 7.5.0.5 permite a atacantes remotos evadir restricciones de acceso intencionadas a través de vectores sin especificar. • http://secunia.com/advisories/55068 •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2013-3972
https://notcve.org/view.php?id=CVE-2013-3972
01 Oct 2013 — IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors. IBM Maximo Asset Management 7.1 anterior a la versión 7.1.1.12 y 7.5 anterior a la versión 7.5.0.5 permite a usuarios remotos autenticados obtener información sensible a través de vectores sin especificar. • http://secunia.com/advisories/55068 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2013-4027
https://notcve.org/view.php?id=CVE-2013-4027
01 Oct 2013 — IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. IBM Maximo Asset Management 6.2 hasta la versión 6.2.8, 7.1 hasta 7.1.1.12, y 7.5 anterior a la versión 7.5.0.5 permite a usuarios remotos autenticados evadir restricciones de acceso intencionadas a través de vectores sin especificar. • http://secunia.com/advisories/55068 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 35EXPL: 0CVE-2012-6355
https://notcve.org/view.php?id=CVE-2012-6355
20 Feb 2013 — IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order. IBM Maximo Asset Management 6.2 a 7.5, Maximo Asset Management Essentials 6.2 a 7.5, Tivoli Asset Management fo... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV30384 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 35EXPL: 0CVE-2012-3322
https://notcve.org/view.php?id=CVE-2012-3322
20 Feb 2013 — Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a display name. Vulnerabilidad XSS en IBM Maximo Asset Manag... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV23838 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 35EXPL: 0CVE-2012-3316
https://notcve.org/view.php?id=CVE-2012-3316
20 Feb 2013 — Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabili... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV24609 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 35EXPL: 0CVE-2012-3327
https://notcve.org/view.php?id=CVE-2012-3327
20 Feb 2013 — Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action. Vulnerabilidad de ejecución de secuencias de comandos ... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2012-6356
https://notcve.org/view.php?id=CVE-2012-6356
20 Feb 2013 — IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation. IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, y SmartCloud Control Desk 7.5 permite a usuarios remotos autenticados para obtener privilegios a través de vectores relacionados con una operación de importación. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV27329 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2013-0457
https://notcve.org/view.php?id=CVE-2013-0457
20 Feb 2013 — Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en IBM Maximo Asset Management v7.5, Maximo Asset Management Essentials v7.5, y SmartCloud Control Desk v7.5 que permite a usuarios remotos autenticados inyectar secuencias de comandos we... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV20590 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •