CVE-2020-4526
https://notcve.org/view.php?id=CVE-2020-4526
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 182436. IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que confía el sitio web. IBM X-Force ID: 182436 • https://exchange.xforce.ibmcloud.com/vulnerabilities/182436 https://www.ibm.com/support/pages/node/6332589 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2020-4521
https://notcve.org/view.php?id=CVE-2020-4521
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 182396. IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, podría permitir a un atacante autenticado remoto ejecutar código arbitrario en el sistema, causado por una deserialización no segura en Java. Al enviar una petición especialmente diseñada, un atacante podría explotar esta vulnerabilidad para ejecutar código arbitrario en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/182396 https://www.ibm.com/support/pages/node/6332587 • CWE-502: Deserialization of Untrusted Data •
CVE-2019-4671
https://notcve.org/view.php?id=CVE-2019-4671
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171437. IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es vulnerable a una inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente diseñadas, que podrían permitir al atacante visualizar, agregar, modificar o eliminar información en la base de datos del back-end. • https://exchange.xforce.ibmcloud.com/vulnerabilities/171437 https://www.ibm.com/support/pages/node/6332583 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2019-4591
https://notcve.org/view.php?id=CVE-2019-4591
IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451. IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, no invalida la sesión después del cierre de sesión, lo que podría permitir a un usuario local hacerse pasar por otro usuario en el sistema. ID de IBM X-Force: 167451 • https://exchange.xforce.ibmcloud.com/vulnerabilities/167451 https://www.ibm.com/support/pages/node/6245696 • CWE-384: Session Fixation •
CVE-2020-4529
https://notcve.org/view.php?id=CVE-2020-4529
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713. IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es vulnerable a un ataque de tipo server side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, conllevando potencialmente a una enumeración de la red o facilitando otros ataques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/182713 https://www.ibm.com/support/pages/node/6220528 • CWE-918: Server-Side Request Forgery (SSRF) •