CVSS: 5.4EPSS: 0%CPEs: 18EXPL: 0CVE-2016-0262
https://notcve.org/view.php?id=CVE-2016-0262
14 Mar 2016 — Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1.1 through 7.1.1.3, 7.5.0 before 7.5.0.9 IFIX004, and 7.6.0 before 7.6.0.3 IFIX001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Maximo Asset Management 7.1.1 hasta la versión 7.1.1.3, 7.5.0 en versiones anteriores a 7.5.0.9 IFIX004 y 7.6.0 en versiones anteriores a 7.6.0.3 IFIX001 permite a usuarios remotos autenticados inyectar secuencias de comandos web o H... • http://www-01.ibm.com/support/docview.wss?uid=swg21977828 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0CVE-2016-0222
https://notcve.org/view.php?id=CVE-2016-0222
14 Mar 2016 — IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors. IBM Maximo Asset Management 7.6 en versiones anteriores a 7.6.0.3 IFIX001 permite a usuarios remotos autenticados eludir las restricciones de acceso previstas y leer registros de trabajo de órdenes de compra arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21976949 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 119EXPL: 0CVE-2015-7448
https://notcve.org/view.php?id=CVE-2015-7448
12 Mar 2016 — SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección S... • http://www-01.ibm.com/support/docview.wss?uid=swg21974938 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.9EPSS: 0%CPEs: 59EXPL: 0CVE-2015-7487
https://notcve.org/view.php?id=CVE-2015-7487
27 Jan 2016 — IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files. IBM Maximo Asset Management 7.1 hasta la... • http://www-01.ibm.com/support/docview.wss?uid=swg21974537 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 82EXPL: 0CVE-2015-4966
https://notcve.org/view.php?id=CVE-2015-4966
08 Nov 2015 — IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors. IBM Máximo Asset Managem... • http://www-01.ibm.com/support/docview.wss?uid=swg21968191 • CWE-255: Credentials Management Errors •
CVSS: 5.4EPSS: 0%CPEs: 82EXPL: 0CVE-2015-7395
https://notcve.org/view.php?id=CVE-2015-7395
08 Nov 2015 — IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors. IBM Maximo Asset Management 7.1 hasta la versión ... • http://www-01.ibm.com/support/docview.wss?uid=swg21969072 • CWE-284: Improper Access Control •