CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2019-4056
https://notcve.org/view.php?id=CVE-2019-4056
06 Jun 2019 — IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565. La aplicación Work Center de IBM Maximo Asset Management versión 7.6 no comprueba el tipo de archivo en la carga, lo que permite a los atacantes cargar archivos maliciosos. ID de IBM X-Force: 156565. • https://exchange.xforce.ibmcloud.com/vulnerabilities/156565 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 2.1EPSS: 0%CPEs: 21EXPL: 0CVE-2019-4048
https://notcve.org/view.php?id=CVE-2019-4048
06 Jun 2019 — IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311. IBM Maximo Asset Management versión 7.6 podría permitir a un usuario físico del sistema obtener información confidencial de un usuario anterior de la misma máquina. ID de IBM X-Force: 156311. • https://exchange.xforce.ibmcloud.com/vulnerabilities/156311 • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 0CVE-2018-2028
https://notcve.org/view.php?id=CVE-2018-2028
06 Jun 2019 — IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554. IBM Maximo Asset Management versión 7.6 podría permitir que un usuario autenticado sustituya una página de destino por un sitio de phishing, lo que permitiría al atacante obtener información muy confidencial. ID de IBM X-Force: 155554. • https://exchange.xforce.ibmcloud.com/vulnerabilities/155554 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2018-1528
https://notcve.org/view.php?id=CVE-2018-1528
06 Aug 2018 — IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290. IBM Maximo Asset Management, desde la versión 7.6 hasta la 7.6.3, podría permitir que un usuario autenticado obtenga información sensible desde la API WhoAmI. IBM X-Force ID: 142290. • http://www.securityfocus.com/bid/105023 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 19EXPL: 0CVE-2018-1524
https://notcve.org/view.php?id=CVE-2018-1524
03 Aug 2018 — IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116. IBM Maximo Asset Management, de la versión 7.6 a la 7.6.3, se instala con una cuenta de administrador por defecto que podría ser empleada por un atacante remoto para obtener acceso de administrador al sistema. Esta vulnerabilidad existe debido a una sol... • https://exchange.xforce.ibmcloud.com/vulnerabilities/142116 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0CVE-2016-0222
https://notcve.org/view.php?id=CVE-2016-0222
14 Mar 2016 — IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors. IBM Maximo Asset Management 7.6 en versiones anteriores a 7.6.0.3 IFIX001 permite a usuarios remotos autenticados eludir las restricciones de acceso previstas y leer registros de trabajo de órdenes de compra arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21976949 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 119EXPL: 0CVE-2015-7448
https://notcve.org/view.php?id=CVE-2015-7448
12 Mar 2016 — SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección S... • http://www-01.ibm.com/support/docview.wss?uid=swg21974938 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.9EPSS: 0%CPEs: 59EXPL: 0CVE-2015-7487
https://notcve.org/view.php?id=CVE-2015-7487
27 Jan 2016 — IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files. IBM Maximo Asset Management 7.1 hasta la... • http://www-01.ibm.com/support/docview.wss?uid=swg21974537 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 82EXPL: 0CVE-2015-4966
https://notcve.org/view.php?id=CVE-2015-4966
08 Nov 2015 — IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors. IBM Máximo Asset Managem... • http://www-01.ibm.com/support/docview.wss?uid=swg21968191 • CWE-255: Credentials Management Errors •
CVSS: 5.4EPSS: 0%CPEs: 82EXPL: 0CVE-2015-7395
https://notcve.org/view.php?id=CVE-2015-7395
08 Nov 2015 — IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors. IBM Maximo Asset Management 7.1 hasta la versión ... • http://www-01.ibm.com/support/docview.wss?uid=swg21969072 • CWE-284: Improper Access Control •