Page 4 of 18 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0

IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460. IBM Maximo Asset Management 7.1, 7.5 y 7.6; Maximo Asset Management Essentials 7.1 y 7.5; Control Desk 7.5 y 7.6; Tivoli Asset Management for IT 7.1 y 7.2; así como otros productos de IBM permiten que usuarios autenticados remotos omitan las restricciones de acceso previstas y lean entradas del registro de tareas de tickets arbitrarias mediante vectores sin especificar. IBM X-Force ID: 106460. • http://www-01.ibm.com/support/docview.wss?uid=swg21971160 https://exchange.xforce.ibmcloud.com/vulnerabilities/106460 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 27EXPL: 0

IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Maximo Asset Management es vulnerable a XSS. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la interfaz Web alterando así la funcionalidad intencionada conduciendo potencialmente a la divulgación de credenciales en una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21988252 http://www.securityfocus.com/bid/92535 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser. IBM Maximo Asset Management podría revelar información sensible de una traza de pila después de la presentación de inicio de sesión incorrecto en el navegador de Cognos. • http://www.ibm.com/support/docview.wss?uid=swg21987855 http://www.securityfocus.com/bid/93872 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •