CVSS: 9.0EPSS: 0%CPEs: 19EXPL: 0CVE-2018-1524
https://notcve.org/view.php?id=CVE-2018-1524
03 Aug 2018 — IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116. IBM Maximo Asset Management, de la versión 7.6 a la 7.6.3, se instala con una cuenta de administrador por defecto que podría ser empleada por un atacante remoto para obtener acceso de administrador al sistema. Esta vulnerabilidad existe debido a una sol... • https://exchange.xforce.ibmcloud.com/vulnerabilities/142116 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 5.4EPSS: 0%CPEs: 12EXPL: 0CVE-2016-6072
https://notcve.org/view.php?id=CVE-2016-6072
01 Feb 2017 — IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Maximo Asset Management es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a ... • http://www.ibm.com/support/docview.wss?uid=swg21991893 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0CVE-2016-0222
https://notcve.org/view.php?id=CVE-2016-0222
14 Mar 2016 — IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors. IBM Maximo Asset Management 7.6 en versiones anteriores a 7.6.0.3 IFIX001 permite a usuarios remotos autenticados eludir las restricciones de acceso previstas y leer registros de trabajo de órdenes de compra arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21976949 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 119EXPL: 0CVE-2015-7448
https://notcve.org/view.php?id=CVE-2015-7448
12 Mar 2016 — SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección S... • http://www-01.ibm.com/support/docview.wss?uid=swg21974938 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.9EPSS: 0%CPEs: 59EXPL: 0CVE-2015-7487
https://notcve.org/view.php?id=CVE-2015-7487
27 Jan 2016 — IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files. IBM Maximo Asset Management 7.1 hasta la... • http://www-01.ibm.com/support/docview.wss?uid=swg21974537 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2015-5051
https://notcve.org/view.php?id=CVE-2015-5051
03 Jan 2016 — IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors. IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.8 IF6 y 7.6 en versiones anteriores a 7.6.0.2 IF1 y Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.8 IF6, 7.5.1 y 7.6 en versione... • http://www-01.ibm.com/support/docview.wss?uid=swg21970797 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 27EXPL: 0CVE-2015-5017
https://notcve.org/view.php?id=CVE-2015-5017
03 Jan 2016 — IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password. IBM Maximo Asset M... • http://www-01.ibm.com/support/docview.wss?uid=swg21969052 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2015-7452
https://notcve.org/view.php?id=CVE-2015-7452
02 Jan 2016 — IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow remote authenticated users to obtain sensitive information via the REST API. IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.9 FP9 y 7.6 en versiones anteriores a 7.6.0.3 FP3 y Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.9 FP9, 7.5.1 y 7.6 en versiones anteriores a 7.6.0.3 FP3 para... • http://www-01.ibm.com/support/docview.wss?uid=swg21972463 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2015-7396
https://notcve.org/view.php?id=CVE-2015-7396
02 Jan 2016 — The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors. El Scheduler en IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.8 IF6 y 7.6 en versiones anteriores a 7.6.0.1 FP1 y Maximo Asset Management... • http://www-01.ibm.com/support/docview.wss?uid=swg21970799 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 12EXPL: 0CVE-2015-7451
https://notcve.org/view.php?id=CVE-2015-7451
02 Jan 2016 — Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.9 IF2 y 7.6 en versiones anteriores a 7.6.0.3 FP3 y Maximo Asset Management 7.5 en versiones an... • http://www-01.ibm.com/support/docview.wss?uid=swg21972423 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •