CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2021-29744
https://notcve.org/view.php?id=CVE-2021-29744
27 Aug 2021 — IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201694. IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuario... • https://exchange.xforce.ibmcloud.com/vulnerabilities/201694 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20509
https://notcve.org/view.php?id=CVE-2021-20509
12 Aug 2021 — IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243. IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es potencialmente vulnerable a una inyección CSV. Un atacante remoto podría ejecutar comandos arbitrarios en el sistema, causados por la comprobación inapropiada del contenido de los archivos csv. • https://exchange.xforce.ibmcloud.com/vulnerabilities/198243 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20374
https://notcve.org/view.php?id=CVE-2021-20374
19 May 2021 — IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195522. IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es vulnerable a ataques de tipo cross-site scripting almacenado. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en l... • https://exchange.xforce.ibmcloud.com/vulnerabilities/195522 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20446
https://notcve.org/view.php?id=CVE-2021-20446
18 Feb 2021 — IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196622. IBM Maximo for Civil Infrastructure versión 7.6.2, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuari... • https://exchange.xforce.ibmcloud.com/vulnerabilities/196622 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20445
https://notcve.org/view.php?id=CVE-2021-20445
18 Feb 2021 — IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storeage of authentication credentials. IBM X-Force ID: 196621. IBM Maximo for Civil Infrastructure versión 7.6.2, podría permitir a un usuario obtener información confidencial debido a un almacenamiento no seguro de credenciales de autenticación. IBM X-Force ID: 196621 • https://exchange.xforce.ibmcloud.com/vulnerabilities/196621 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20444
https://notcve.org/view.php?id=CVE-2021-20444
18 Feb 2021 — IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196620. IBM Maximo for Civil Infrastructure versión 7.6.2, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuari... • https://exchange.xforce.ibmcloud.com/vulnerabilities/196620 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20443
https://notcve.org/view.php?id=CVE-2021-20443
18 Feb 2021 — IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. IBM X-Force ID: 196619. IBM Maximo for Civil Infrastructure versión 7.6.2, incluye una funcionalidad ejecutable (tal y como una biblioteca) de una fuente que está fuera de la esfera de control prevista. IBM X-Force ID: 196619 • https://exchange.xforce.ibmcloud.com/vulnerabilities/196619 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-4651
https://notcve.org/view.php?id=CVE-2020-4651
09 Nov 2020 — IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186024. IBM Maximo Spatial Asset Management versiones 7.6.0.3, 7.6.0.4, 7.6.0.5 y 7.6.1.0, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas des... • https://exchange.xforce.ibmcloud.com/vulnerabilities/186024 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0CVE-2020-4650
https://notcve.org/view.php?id=CVE-2020-4650
09 Nov 2020 — IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023. IBM Maximo Spatial Asset Management versiones 7.6.0.3, 7.6.0.4, 7.6.0.5 y 7.6.1.0, permite que las páginas web sean almacenadas localmente las cuales puedan ser leídas por otro usuario en el sistema. IBM X-Force ID: 186023 • https://exchange.xforce.ibmcloud.com/vulnerabilities/186023 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 3.6EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4349
https://notcve.org/view.php?id=CVE-2019-4349
03 Nov 2020 — IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 applications can be installed on a deprecated operating system version that could compromised the confidentiality and integrity of the service. IBM X-Force ID: 161486 Las aplicaciones IBM Maximo Anywhere versiones 7.6.2.0, 7.6.2.1, 7.6.3.0 y 7.6.3.1, se pueden instalar en una versión de sistema operativo en desuso que podría comprometer la confidencialidad e integridad del servicio. IBM X-Force ID: 161486 • https://exchange.xforce.ibmcloud.com/vulnerabilities/161486 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •