CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-1499
https://notcve.org/view.php?id=CVE-2017-1499
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106. IBM Maximo Asset Management versiones 7.5 y 7.6 podría permitir que un atacante remoto incluya archivos arbitrarios y, como consecuencia, ejecute código en el servidor Web vulnerable. IBM X-Force ID: 129106. • http://www.ibm.com/support/docview.wss?uid=swg22012781 https://exchange.xforce.ibmcloud.com/vulnerabilities/129106 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.3EPSS: 0%CPEs: 38EXPL: 0CVE-2017-1357
https://notcve.org/view.php?id=CVE-2017-1357
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684. IBM Maximo Asset Management 7.5 y 7.6 podría permitir que un usuario autenticado manipulase órdenes de trabajo para falsificar correos electrónicos. Esto podría emplearse para llevar a cabo ataques más avanzados. IBM X-Force ID: 126684. • http://www.ibm.com/support/docview.wss?uid=swg22006647 http://www.securityfocus.com/bid/100214 https://exchange.xforce.ibmcloud.com/vulnerabilities/126684 • CWE-20: Improper Input Validation •
CVSS: 2.9EPSS: 0%CPEs: 32EXPL: 0CVE-2017-1124
https://notcve.org/view.php?id=CVE-2017-1124
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053. IBM Maximo Asset Management 7.1, 7.5 y 7.6 podría permitir a un atacante local obtener información sensible utilizando inyección de encabezado HTTP. Referencia de IBM #: 1998053. • http://www.ibm.com/support/docview.wss?uid=swg21998053 http://www.securityfocus.com/bid/96536 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 12EXPL: 0CVE-2016-6072
https://notcve.org/view.php?id=CVE-2016-6072
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Maximo Asset Management es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21991893 http://www.securityfocus.com/bid/94355 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 15EXPL: 0CVE-2016-5905
https://notcve.org/view.php?id=CVE-2016-5905
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.10 IF3 y 7.6 en versiones anteriores a 7.6.0.5 IF2 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21988253 http://www.securityfocus.com/bid/93871 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •