CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4529
https://notcve.org/view.php?id=CVE-2020-4529
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713. IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es vulnerable a un ataque de tipo server side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, conllevando potencialmente a una enumeración de la red o facilitando otros ataques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/182713 https://www.ibm.com/support/pages/node/6220528 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-4478
https://notcve.org/view.php?id=CVE-2019-4478
IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998. IBM Maximo Asset Management versiones 7.6.0, y 7.6.1, podría permitir a un usuario autenticado obtener información altamente confidencial a la que no debería tener acceso normalmente. IBM X-Force ID: 163998. • https://exchange.xforce.ibmcloud.com/vulnerabilities/163998 https://www.ibm.com/support/pages/node/6208436 •
CVSS: 5.4EPSS: 0%CPEs: 43EXPL: 0CVE-2019-4749
https://notcve.org/view.php?id=CVE-2019-4749
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308. IBM Maximo Asset Management versión 7.6, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista, conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/173308 https://www.ibm.com/support/pages/node/6193479 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 42EXPL: 0CVE-2019-4644
https://notcve.org/view.php?id=CVE-2019-4644
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880. IBM Maximo Asset Management versión 7.6, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista, conllevando a una divulgación de credenciales en una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/170880 https://www.ibm.com/support/pages/node/6191583 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 40EXPL: 0CVE-2019-4446
https://notcve.org/view.php?id=CVE-2019-4446
IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490. IBM Maximo Asset Management versión 7.6, podría permitir a un usuario autentificado realizar acciones a las que no está autorizado al modificar los parámetros de petición. IBM X-Force ID: 163490. • https://exchange.xforce.ibmcloud.com/vulnerabilities/163490 https://www.ibm.com/support/pages/node/6190215 •