CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4529
https://notcve.org/view.php?id=CVE-2020-4529
08 Jun 2020 — IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713. IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es vulnerable a un ataque de tipo server side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, conllevan... • https://exchange.xforce.ibmcloud.com/vulnerabilities/182713 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-4478
https://notcve.org/view.php?id=CVE-2019-4478
12 May 2020 — IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998. IBM Maximo Asset Management versiones 7.6.0, y 7.6.1, podría permitir a un usuario autenticado obtener información altamente confidencial a la que no debería tener acceso normalmente. IBM X-Force ID: 163998. • https://exchange.xforce.ibmcloud.com/vulnerabilities/163998 •
CVSS: 2.4EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4266
https://notcve.org/view.php?id=CVE-2019-4266
06 May 2020 — IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 does not have device jailbreak detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160199. IBM Maximo Anywhere versiones 7.6.2.0, 7.6.2.1, 7.6.3.0 y 7.6.3.1, no presenta detección de jailbreak del dispositivo, lo que podría resultar en que un atacante consiga información confidencial sobre el dispositivo. ID de IBM X-Force: 160199. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160199 • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4288
https://notcve.org/view.php?id=CVE-2019-4288
29 Apr 2020 — IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160631. IBM Maximo Anywhere versiones 7.6.2.0, 7.6.2.1, 7.6.3.0, y 7.6.3.1, podría revelar información de usuario altamente confidencial a un usuario autenticado con acceso físico al dispositivo. IBM X-Force ID: 160631. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160631 •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4286
https://notcve.org/view.php?id=CVE-2019-4286
29 Apr 2020 — IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160514. IBM Maximo Anywhere versiones 7.6.2.0, 7.6.2.1, 7.6.3.0, y 7.6.3.1, podría revelar información de un usuario altamente confidencial a un usuario autenticado con acceso físico al dispositivo. IBM X-Force ID: 160514. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160514 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.4EPSS: 0%CPEs: 43EXPL: 0CVE-2019-4749
https://notcve.org/view.php?id=CVE-2019-4749
17 Apr 2020 — IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308. IBM Maximo Asset Management versión 7.6, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la f... • https://exchange.xforce.ibmcloud.com/vulnerabilities/173308 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 42EXPL: 0CVE-2019-4644
https://notcve.org/view.php?id=CVE-2019-4644
17 Apr 2020 — IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880. IBM Maximo Asset Management versión 7.6, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la f... • https://exchange.xforce.ibmcloud.com/vulnerabilities/170880 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 40EXPL: 0CVE-2019-4446
https://notcve.org/view.php?id=CVE-2019-4446
17 Apr 2020 — IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490. IBM Maximo Asset Management versión 7.6, podría permitir a un usuario autentificado realizar acciones a las que no está autorizado al modificar los parámetros de petición. IBM X-Force ID: 163490. • https://exchange.xforce.ibmcloud.com/vulnerabilities/163490 •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2019-4745
https://notcve.org/view.php?id=CVE-2019-4745
24 Feb 2020 — IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. IBM X-Force ID: 172883. IBM Maximo Asset Management versión 7.6.1.0, podría permitir a un atacante remoto divulgar información confidencial a un usuario autentificado debido a una divulgación de información de la ruta en la URL. IBM X-Force ID: 172883. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172883 • CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4583
https://notcve.org/view.php?id=CVE-2019-4583
20 Feb 2020 — IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 167289. IBM Maximo Asset Management versiones 7.6.0.10 y 7.6.1.1, podría permitir a un usuario autenticado obtener información confidencial a partir de un rastro de la pila que podría ser usado para ayudar en futuros ataques. ID de IBM X-Force: 167289. • https://exchange.xforce.ibmcloud.com/vulnerabilities/167289 • CWE-209: Generation of Error Message Containing Sensitive Information •