CVE-2020-4463
https://notcve.org/view.php?id=CVE-2020-4463
IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181484. IBM Maximo Asset Management versiones 7.6.0.1 y 7.6.0.2, es vulnerable a un ataque de Inyección de XML External Entity (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. • https://github.com/Ibonok/CVE-2020-4463 https://exchange.xforce.ibmcloud.com/vulnerabilities/181484 https://www.ibm.com/support/pages/node/6253953 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2019-4591
https://notcve.org/view.php?id=CVE-2019-4591
IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451. IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, no invalida la sesión después del cierre de sesión, lo que podría permitir a un usuario local hacerse pasar por otro usuario en el sistema. ID de IBM X-Force: 167451 • https://exchange.xforce.ibmcloud.com/vulnerabilities/167451 https://www.ibm.com/support/pages/node/6245696 • CWE-384: Session Fixation •
CVE-2020-4223
https://notcve.org/view.php?id=CVE-2020-4223
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175121. IBM Maximo Asset Management versiones 7.6.0.10 y 7.6.1.1, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código arbitrario de JavaScript en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175121 https://www.ibm.com/support/pages/node/6238376 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-4529
https://notcve.org/view.php?id=CVE-2020-4529
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713. IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es vulnerable a un ataque de tipo server side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, conllevando potencialmente a una enumeración de la red o facilitando otros ataques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/182713 https://www.ibm.com/support/pages/node/6220528 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2019-4478
https://notcve.org/view.php?id=CVE-2019-4478
IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998. IBM Maximo Asset Management versiones 7.6.0, y 7.6.1, podría permitir a un usuario autenticado obtener información altamente confidencial a la que no debería tener acceso normalmente. IBM X-Force ID: 163998. • https://exchange.xforce.ibmcloud.com/vulnerabilities/163998 https://www.ibm.com/support/pages/node/6208436 •