CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22333 – IBM Maximo Application Suite information disclosure
https://notcve.org/view.php?id=CVE-2024-22333
13 Jun 2024 — IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973. IBM Maximo Asset Management 7.6.1.3 e IBM Maximo Application Suite 8.10 y 8.11 permiten almacenar páginas web localmente que pueden ser leídas por otro usuario en el sistema. ID de IBM X-Force: 279973. • https://exchange.xforce.ibmcloud.com/vulnerabilities/279973 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27266 – IBM Maximo Application Suite XML external entity injection
https://notcve.org/view.php?id=CVE-2024-27266
14 Mar 2024 — IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 284566. IBM Maximo Application Suite 7.6.1.3 es vulnerable a un ataque de inyección de entidad externa XML (XXE) al procesar datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer información confidencial o consumir recursos de memo... • https://exchange.xforce.ibmcloud.com/vulnerabilities/284566 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32335 – IBM Maximo Application Suite information disclosure
https://notcve.org/view.php?id=CVE-2023-32335
13 Mar 2024 — IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255075. IBM Maximo Application Suite 8.10, 8.11 e IBM Maximo Asset Management 7.6.1.3 almacenan información confidencial en parámetros de URL. Esto puede dar lugar a la divulgación de información si partes no autorizadas tienen... • https://exchange.xforce.ibmcloud.com/vulnerabilities/266875 • CWE-598: Use of GET Request Method With Sensitive Query Strings •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38723 – Maximo Asset Management cross-site scripting
https://notcve.org/view.php?id=CVE-2023-38723
13 Mar 2024 — IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262192. IBM Maximo Application Suite 7.6.1.3 es vulnerable a cross-site scripting almacenado. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando as... • https://exchange.xforce.ibmcloud.com/vulnerabilities/262192 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32333 – IBM Maximo Asset Management improper access control
https://notcve.org/view.php?id=CVE-2023-32333
02 Feb 2024 — IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073. IBM Maximo Asset Management versión 7.6.1.3 podría permitir que un atacante remoto inicie sesión en el panel de administración debido a controles de acceso inadecuados. ID de IBM X-Force: 255073. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255073 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32337 – IBM Maximo Spatial Asset Management server-side request forgery
https://notcve.org/view.php?id=CVE-2023-32337
19 Jan 2024 — IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288. IBM Maximo Spatial Asset Management 8.10 es vulnerable a server-side request forgery (SSRF). Esto puede permitir que un atacante autenticado envíe solicitudes no autorizadas desde el sistema, lo que podría provocar la enumeración de... • https://exchange.xforce.ibmcloud.com/vulnerabilities/255288 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-47718 – IBM Maximo Asset Management cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-47718
19 Jan 2024 — IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843. IBM Maximo Asset Management 7.6.1.3 y Manage Component 8.10 a 8.11 son vulnerables a cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que confía el ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/271843 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32332 – IBM Maximo Application Suite and IBM Maximo Asset Management HTML injection
https://notcve.org/view.php?id=CVE-2023-32332
08 Sep 2023 — IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072. IBM Maximo Application Suite en versiones 8.9 y 8.10 e IBM Maximo Asset Management en versiones 7.6.1.2 y 7.6.1.3 son vulnerables a la inyección HTML. Un atacante remoto podría inyectar código HTML ma... • https://exchange.xforce.ibmcloud.com/vulnerabilities/255072 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32334 – IBM Maximo Asset Management information disclosure
https://notcve.org/view.php?id=CVE-2023-32334
05 Jun 2023 — IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255074. IBM Maximo Asset Management v7.6.1.2, v7.6.1.3 e IBM Maximo Application Suite v8.8.0 almacenan información confidencial en parámetros de URL. Esto puede dar lugar a la divulgación de información si partes no autoriz... • https://exchange.xforce.ibmcloud.com/vulnerabilities/255074 •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-27861 – IBM Maximo Application Suite information disclosure
https://notcve.org/view.php?id=CVE-2023-27861
05 Jun 2023 — IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transmits sensitive information in cleartext that could be intercepted by an attacker using man in the middle techniques. IBM X-Force ID: 249208. IBM Maximo Application Suite - Manage Component v8.8.0 y v8.9.0 transmite información confidencial en texto claro que podría ser interceptada por un atacante mediante técnicas de "man in the middle". IBM X-Force ID: 249208. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249208 • CWE-319: Cleartext Transmission of Sensitive Information •