CVSS: 5.3EPSS: 0%CPEs: 31EXPL: 0CVE-2016-5987
https://notcve.org/view.php?id=CVE-2016-5987
30 Nov 2016 — IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers construction of a runtime error message. IBM Maximo Asset Management 7.1 hasta la versión 7.1.1.13, 7.5 en versiones anteriores a 7.5.0.10 IF4 y 7.6 en versiones anteriores a 7.6.0.5 IF3 permite a atacantes remotos obtener información sensible a través de una petición HTTP manipulada que desencadena las construc... • http://www-01.ibm.com/support/docview.wss?uid=swg21990449 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 0CVE-2016-0393
https://notcve.org/view.php?id=CVE-2016-0393
17 Jul 2016 — IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and 7.6 before 7.6.0.5-TIV-MAMMT-FP001 allows remote attackers to obtain sensitive URL information by reading log files. IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.10-TIV-MBS-IFIX002 y 7.6 en versiones anteriores a 7.6.0.5-TIV-MAMMT-FP001 permite a atacantes remotos obtener información sensible de URL leyendo archivos de registro. • http://www-01.ibm.com/support/docview.wss?uid=swg21986053 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 28EXPL: 0CVE-2016-0399
https://notcve.org/view.php?id=CVE-2016-0399
02 Jul 2016 — Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.9 IFIX007, and 7.6 before 7.6.0.5 FP005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Maximo Asset Management 7.1 hasta la versión 7.1.1.13, 7.5 en versiones anteriores a 7.5.0.9 IFIX007 y 7.6 en versiones anteriores a 7.6.0.5 FP005 permite a usuarios remotos autenticados inyectar secuencia de comandos web o HTML arbitrarios... • http://www-01.ibm.com/support/docview.wss?uid=swg21984134 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 0CVE-2016-0289
https://notcve.org/view.php?id=CVE-2016-0289
04 Apr 2016 — shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictions via unspecified vectors. shiprec.xml en la aplicación SHIPREC en IBM Maximo Asset Management 7.1 y 7.5 en versiones anteriores a 7.5.0.10 y 7.6 en versiones anteriores a 7.6.0.4 permite a usuarios remotos autenticados eludir las restricciones destinadas a la selección de elemento a través de vectores no espec... • http://www-01.ibm.com/support/docview.wss?uid=swg21979519 • CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 0%CPEs: 18EXPL: 0CVE-2016-0262
https://notcve.org/view.php?id=CVE-2016-0262
14 Mar 2016 — Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1.1 through 7.1.1.3, 7.5.0 before 7.5.0.9 IFIX004, and 7.6.0 before 7.6.0.3 IFIX001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Maximo Asset Management 7.1.1 hasta la versión 7.1.1.3, 7.5.0 en versiones anteriores a 7.5.0.9 IFIX004 y 7.6.0 en versiones anteriores a 7.6.0.3 IFIX001 permite a usuarios remotos autenticados inyectar secuencias de comandos web o H... • http://www-01.ibm.com/support/docview.wss?uid=swg21977828 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 119EXPL: 0CVE-2015-7448
https://notcve.org/view.php?id=CVE-2015-7448
12 Mar 2016 — SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección S... • http://www-01.ibm.com/support/docview.wss?uid=swg21974938 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.9EPSS: 0%CPEs: 59EXPL: 0CVE-2015-7487
https://notcve.org/view.php?id=CVE-2015-7487
27 Jan 2016 — IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files. IBM Maximo Asset Management 7.1 hasta la... • http://www-01.ibm.com/support/docview.wss?uid=swg21974537 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 27EXPL: 0CVE-2015-5017
https://notcve.org/view.php?id=CVE-2015-5017
03 Jan 2016 — IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password. IBM Maximo Asset M... • http://www-01.ibm.com/support/docview.wss?uid=swg21969052 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2015-5051
https://notcve.org/view.php?id=CVE-2015-5051
03 Jan 2016 — IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors. IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.8 IF6 y 7.6 en versiones anteriores a 7.6.0.2 IF1 y Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.8 IF6, 7.5.1 y 7.6 en versione... • http://www-01.ibm.com/support/docview.wss?uid=swg21970797 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2015-7396
https://notcve.org/view.php?id=CVE-2015-7396
02 Jan 2016 — The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors. El Scheduler en IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.8 IF6 y 7.6 en versiones anteriores a 7.6.0.1 FP1 y Maximo Asset Management... • http://www-01.ibm.com/support/docview.wss?uid=swg21970799 • CWE-264: Permissions, Privileges, and Access Controls •