CVSS: 8.2EPSS: 89%CPEs: 2EXPL: 1CVE-2020-4463
https://notcve.org/view.php?id=CVE-2020-4463
29 Jul 2020 — IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181484. IBM Maximo Asset Management versiones 7.6.0.1 y 7.6.0.2, es vulnerable a un ataque de Inyección de XML External Entity (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información confidencia... • https://github.com/Ibonok/CVE-2020-4463 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4591
https://notcve.org/view.php?id=CVE-2019-4591
13 Jul 2020 — IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451. IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, no invalida la sesión después del cierre de sesión, lo que podría permitir a un usuario local hacerse pasar por otro usuario en el sistema. ID de IBM X-Force: 167451 • https://exchange.xforce.ibmcloud.com/vulnerabilities/167451 • CWE-384: Session Fixation •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4223
https://notcve.org/view.php?id=CVE-2020-4223
26 Jun 2020 — IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175121. IBM Maximo Asset Management versiones 7.6.0.10 y 7.6.1.1, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código arbitrario de JavaScript en la Interf... • https://exchange.xforce.ibmcloud.com/vulnerabilities/175121 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4529
https://notcve.org/view.php?id=CVE-2020-4529
08 Jun 2020 — IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713. IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es vulnerable a un ataque de tipo server side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, conllevan... • https://exchange.xforce.ibmcloud.com/vulnerabilities/182713 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-4478
https://notcve.org/view.php?id=CVE-2019-4478
12 May 2020 — IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998. IBM Maximo Asset Management versiones 7.6.0, y 7.6.1, podría permitir a un usuario autenticado obtener información altamente confidencial a la que no debería tener acceso normalmente. IBM X-Force ID: 163998. • https://exchange.xforce.ibmcloud.com/vulnerabilities/163998 •
CVSS: 5.5EPSS: 0%CPEs: 40EXPL: 0CVE-2019-4446
https://notcve.org/view.php?id=CVE-2019-4446
17 Apr 2020 — IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490. IBM Maximo Asset Management versión 7.6, podría permitir a un usuario autentificado realizar acciones a las que no está autorizado al modificar los parámetros de petición. IBM X-Force ID: 163490. • https://exchange.xforce.ibmcloud.com/vulnerabilities/163490 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4583
https://notcve.org/view.php?id=CVE-2019-4583
20 Feb 2020 — IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 167289. IBM Maximo Asset Management versiones 7.6.0.10 y 7.6.1.1, podría permitir a un usuario autenticado obtener información confidencial a partir de un rastro de la pila que podría ser usado para ayudar en futuros ataques. ID de IBM X-Force: 167289. • https://exchange.xforce.ibmcloud.com/vulnerabilities/167289 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-4530
https://notcve.org/view.php?id=CVE-2019-4530
20 Nov 2019 — IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. IBM X-Force ID: 165586. IBM Maximo Asset Management versiones 7.6, 7.6.1 y 7.6.1.1, podría permitir a un usuario autenticado eliminar un registro que normalmente no debería ser capaz de hacerlo. ID de IBM X-Force: 165586. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165586 •
CVSS: 5.4EPSS: 0%CPEs: 20EXPL: 0CVE-2019-4486
https://notcve.org/view.php?id=CVE-2019-4486
24 Oct 2019 — IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070. IBM Maximo Asset Management versión 7.6, es vulnerable a un problema de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la... • https://exchange.xforce.ibmcloud.com/vulnerabilities/164070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1686
https://notcve.org/view.php?id=CVE-2018-1686
05 Oct 2018 — IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145505. IBM Maximo Asset Management, de la versión 7.6 a la 7.6.3 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/145505 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •