CVE-2019-4591
https://notcve.org/view.php?id=CVE-2019-4591
IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451. IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, no invalida la sesión después del cierre de sesión, lo que podría permitir a un usuario local hacerse pasar por otro usuario en el sistema. ID de IBM X-Force: 167451 • https://exchange.xforce.ibmcloud.com/vulnerabilities/167451 https://www.ibm.com/support/pages/node/6245696 • CWE-384: Session Fixation •
CVE-2020-4529
https://notcve.org/view.php?id=CVE-2020-4529
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713. IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es vulnerable a un ataque de tipo server side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, conllevando potencialmente a una enumeración de la red o facilitando otros ataques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/182713 https://www.ibm.com/support/pages/node/6220528 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2019-4478
https://notcve.org/view.php?id=CVE-2019-4478
IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998. IBM Maximo Asset Management versiones 7.6.0, y 7.6.1, podría permitir a un usuario autenticado obtener información altamente confidencial a la que no debería tener acceso normalmente. IBM X-Force ID: 163998. • https://exchange.xforce.ibmcloud.com/vulnerabilities/163998 https://www.ibm.com/support/pages/node/6208436 •
CVE-2019-4749
https://notcve.org/view.php?id=CVE-2019-4749
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308. IBM Maximo Asset Management versión 7.6, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista, conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/173308 https://www.ibm.com/support/pages/node/6193479 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-4644
https://notcve.org/view.php?id=CVE-2019-4644
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880. IBM Maximo Asset Management versión 7.6, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista, conllevando a una divulgación de credenciales en una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/170880 https://www.ibm.com/support/pages/node/6191583 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •