Page 8 of 163 results (0.010 seconds)

CVSS: 2.1EPSS: 0%CPEs: 21EXPL: 0

IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311. IBM Maximo Asset Management versión 7.6 podría permitir a un usuario físico del sistema obtener información confidencial de un usuario anterior de la misma máquina. ID de IBM X-Force: 156311. • https://exchange.xforce.ibmcloud.com/vulnerabilities/156311 https://www.ibm.com/support/docview.wss?uid=ibm10880147 • CWE-269: Improper Privilege Management •

CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 0

IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554. IBM Maximo Asset Management versión 7.6 podría permitir que un usuario autenticado sustituya una página de destino por un sitio de phishing, lo que permitiría al atacante obtener información muy confidencial. ID de IBM X-Force: 155554. • https://exchange.xforce.ibmcloud.com/vulnerabilities/155554 https://www.ibm.com/support/docview.wss?uid=ibm10880145 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request. IBM X-Force ID: 145966. IBM Maximo Asset Management 7.6 podría permitir que un usuario autenticado enumere nombres de usuario mediante una petición HTTP especialmente manipulada. IBM X-Force ID: 145966. • https://exchange.xforce.ibmcloud.com/vulnerabilities/145966 https://www.ibm.com/support/docview.wss?uid=ibm10737457 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143497. IBM Maximo Asset Management 7.6 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.securityfocus.com/bid/106125 https://exchange.xforce.ibmcloud.com/vulnerabilities/143497 https://www.ibm.com/support/docview.wss?uid=ibm10741821 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151330. IBM Maximo Asset Management 7.6 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.securityfocus.com/bid/106140 https://exchange.xforce.ibmcloud.com/vulnerabilities/151330 https://www.ibm.com/support/docview.wss?uid=ibm10737461 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •