Page 19 of 163 results (0.008 seconds)

CVSS: 5.0EPSS: 0%CPEs: 81EXPL: 0

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file. IBM Maximo Asset Management 7.1 hasta la versión 7.1.1.13, 7.5.0 en versiones anteriores a 7.5.0.8 IFIX002 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x en versiones anteriores a 7.5.0.8 IFIX002 y 7.6.0 en versiones anteriores a 7.6.0.1 IFIX001 para SmartCloud Control Desk; y Maximo Asset Management 7.1 hasta la versión 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y otros ciertos productos no cifran adecuadamente las contraseñas, lo que facilita a atacantes dependientes del contexto determinar contraseñas en texto plano aprovechando el acceso a un archivo de contraseña. • http://www-01.ibm.com/support/docview.wss?uid=swg21964855 • CWE-310: Cryptographic Issues •

CVSS: 2.1EPSS: 0%CPEs: 23EXPL: 0

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.0 IFIX005 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation. IBM Maximo Asset Management 7.1 hasta 7.1.1.13, 7.5.0 anterior a 7.5.0.8 IFIX001, y 7.6.0 anterior a 7.6.0.0 IFIX005 no impide el cacheo de respuestas HTTPS, lo que permite a atacantes físicamente próximos obtener información sensible del caché local mediante el aprovechamiento de una estación de trabajo desatendida. • http://www-01.ibm.com/support/docview.wss?uid=swg21959613 http://www.securityfocus.com/bid/75340 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109. Vulnerabilidad de XSS en IBM Maximo Asset Management 7.1 hasta 7.1.1.8, y Maximo Asset Management 7.1 hasta 7.1.1.8 y 7.2 para Tivoli IT Asset Management para IT y ciertos otros productos, permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-0104, CVE-2015-0107, y CVE-2015-0109. • http://www-01.ibm.com/support/docview.wss?uid=swg21694974 https://exchange.xforce.ibmcloud.com/vulnerabilities/99605 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 21EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0108. Vulnerabilidad de XSS en IBM Maximo Asset Management 7.1 hasta 7.1.1.8, y Maximo Asset Management 7.1 hasta 7.1.1.8 y 7.2 para Tivoli IT Asset Management para IT y ciertos otros productos, permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-0104, CVE-2015-0107, y CVE-2015-0108. • http://www-01.ibm.com/support/docview.wss?uid=swg21694974 https://exchange.xforce.ibmcloud.com/vulnerabilities/99606 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0EPSS: 0%CPEs: 48EXPL: 0

Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname. Vulnerabilidad de salto de directorio en un formulario web no especificado en IBM Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.5.0 anterior a 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, y Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos permite a usuarios remotos autenticados leer ficheros arbitrarios a través de un .. (punto punto) en un nombre de ruta. • http://www-01.ibm.com/support/docview.wss?uid=swg21694035 https://exchange.xforce.ibmcloud.com/vulnerabilities/98605 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •