NotCVE - vendor:"Ibm" product:"Maximo Asset Management" version:" >= 7.6.0

Page 2 of 47 results (0.013 seconds)

CVSS: 8.2EPSS: 80%CPEs: 2EXPL: 1

CVE-2020-4463

https://notcve.org/view.php?id=CVE-2020-4463

29 Jul 2020 — IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181484. IBM Maximo Asset Management versiones 7.6.0.1 y 7.6.0.2, es vulnerable a un ataque de Inyección de XML External Entity (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información confidencia... • https://github.com/Ibonok/CVE-2020-4463 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2019-4591

https://notcve.org/view.php?id=CVE-2019-4591

13 Jul 2020 — IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451. IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, no invalida la sesión después del cierre de sesión, lo que podría permitir a un usuario local hacerse pasar por otro usuario en el sistema. ID de IBM X-Force: 167451 • https://exchange.xforce.ibmcloud.com/vulnerabilities/167451 • CWE-384: Session Fixation •

CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-4529

https://notcve.org/view.php?id=CVE-2020-4529

08 Jun 2020 — IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713. IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es vulnerable a un ataque de tipo server side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, conllevan... • https://exchange.xforce.ibmcloud.com/vulnerabilities/182713 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2019-4478

https://notcve.org/view.php?id=CVE-2019-4478

12 May 2020 — IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998. IBM Maximo Asset Management versiones 7.6.0, y 7.6.1, podría permitir a un usuario autenticado obtener información altamente confidencial a la que no debería tener acceso normalmente. IBM X-Force ID: 163998. • https://exchange.xforce.ibmcloud.com/vulnerabilities/163998 •

CVSS: 5.5EPSS: 0%CPEs: 40EXPL: 0

CVE-2019-4446

https://notcve.org/view.php?id=CVE-2019-4446

17 Apr 2020 — IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490. IBM Maximo Asset Management versión 7.6, podría permitir a un usuario autentificado realizar acciones a las que no está autorizado al modificar los parámetros de petición. IBM X-Force ID: 163490. • https://exchange.xforce.ibmcloud.com/vulnerabilities/163490 •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2019-4530

https://notcve.org/view.php?id=CVE-2019-4530

20 Nov 2019 — IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. IBM X-Force ID: 165586. IBM Maximo Asset Management versiones 7.6, 7.6.1 y 7.6.1.1, podría permitir a un usuario autenticado eliminar un registro que normalmente no debería ser capaz de hacerlo. ID de IBM X-Force: 165586. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165586 •

CVSS: 5.4EPSS: 0%CPEs: 20EXPL: 0

CVE-2019-4486

https://notcve.org/view.php?id=CVE-2019-4486

24 Oct 2019 — IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070. IBM Maximo Asset Management versión 7.6, es vulnerable a un problema de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la... • https://exchange.xforce.ibmcloud.com/vulnerabilities/164070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-1686

https://notcve.org/view.php?id=CVE-2018-1686

05 Oct 2018 — IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145505. IBM Maximo Asset Management, de la versión 7.6 a la 7.6.3 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/145505 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-1698

https://notcve.org/view.php?id=CVE-2018-1698

13 Sep 2018 — IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages. IBM X-Force ID: 145967. IBM Maximo Asset Management, desde la versión 7.6 hasta la 7.6.3, podría permitir que un usuario no autenticado obtenga información sensible de los mensajes de error. IBM X-Force ID: 145967. • http://www.securityfocus.com/bid/105343 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-1699

https://notcve.org/view.php?id=CVE-2018-1699

24 Aug 2018 — IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968. IBM Maximo Asset Management desde la versión 7.6 hasta la 7.6.3 es vulnerable a inyección SQL. Un atacante remoto podría enviar instrucciones SQL especialmente manipuladas que podrían permitirle visualizar, añadir, modificar o borrar información e... • http://www.securityfocus.com/bid/105189 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

1 2 3 4 5