CVSS: 3.5EPSS: 0%CPEs: 21EXPL: 0CVE-2015-0109
https://notcve.org/view.php?id=CVE-2015-0109
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0108. Vulnerabilidad de XSS en IBM Maximo Asset Management 7.1 hasta 7.1.1.8, y Maximo Asset Management 7.1 hasta 7.1.1.8 y 7.2 para Tivoli IT Asset Management para IT y ciertos otros productos, permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-0104, CVE-2015-0107, y CVE-2015-0108. • http://www-01.ibm.com/support/docview.wss?uid=swg21694974 https://exchange.xforce.ibmcloud.com/vulnerabilities/99606 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 48EXPL: 0CVE-2014-6194
https://notcve.org/view.php?id=CVE-2014-6194
Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname. Vulnerabilidad de salto de directorio en un formulario web no especificado en IBM Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.5.0 anterior a 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, y Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos permite a usuarios remotos autenticados leer ficheros arbitrarios a través de un .. (punto punto) en un nombre de ruta. • http://www-01.ibm.com/support/docview.wss?uid=swg21694035 https://exchange.xforce.ibmcloud.com/vulnerabilities/98605 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 2.1EPSS: 0%CPEs: 48EXPL: 0CVE-2014-6102
https://notcve.org/view.php?id=CVE-2014-6102
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation. IBM Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.5.0 anterior a 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, y Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos no manejan correctamente las acciones de cierre de sesión, lo que permite a atacantes remotos evadir las restricciones de acceso a Cognos BI Direct Integration mediante el aprovechamiento de un estación de trabajo desatendida. • http://www-01.ibm.com/support/docview.wss?uid=swg21695597 https://exchange.xforce.ibmcloud.com/vulnerabilities/96141 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 48EXPL: 0CVE-2014-4765
https://notcve.org/view.php?id=CVE-2014-4765
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message. IBM Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.5 hasta 7.5.0.6, Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, y Maximo Asset Management 7.1 y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos permiten a atacantes remotos obtener información sensible de directorios mediante la lectura de un mensaje de error no especificado. • http://www-01.ibm.com/support/docview.wss?uid=swg21685289 https://exchange.xforce.ibmcloud.com/vulnerabilities/94757 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 45EXPL: 0CVE-2014-3084
https://notcve.org/view.php?id=CVE-2014-3084
IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2.8, 7.1, and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended write-access restrictions on calendar entries via unspecified vectors. IBM Maximo Asset Management 6.1 hasta 6.5, 7.1 hasta 7.1.1.13, y 7.5 hasta 7.5.0.6; Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk; y Maximo Asset Management 6.2.8, 7.1, y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos permite a usuarios remotos autenticados evadir las restricciones de acceso a la escritura en las entradas de calendarios a través de vectores no especificados. • http://secunia.com/advisories/60408 http://secunia.com/advisories/60453 http://www-01.ibm.com/support/docview.wss?uid=swg1IV61274 http://www-01.ibm.com/support/docview.wss?uid=swg21681020 http://www.securitytracker.com/id/1030780 https://exchange.xforce.ibmcloud.com/vulnerabilities/93955 • CWE-264: Permissions, Privileges, and Access Controls •