CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2019-4056
https://notcve.org/view.php?id=CVE-2019-4056
06 Jun 2019 — IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565. La aplicación Work Center de IBM Maximo Asset Management versión 7.6 no comprueba el tipo de archivo en la carga, lo que permite a los atacantes cargar archivos maliciosos. ID de IBM X-Force: 156565. • https://exchange.xforce.ibmcloud.com/vulnerabilities/156565 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 2.1EPSS: 0%CPEs: 21EXPL: 0CVE-2019-4048
https://notcve.org/view.php?id=CVE-2019-4048
06 Jun 2019 — IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311. IBM Maximo Asset Management versión 7.6 podría permitir a un usuario físico del sistema obtener información confidencial de un usuario anterior de la misma máquina. ID de IBM X-Force: 156311. • https://exchange.xforce.ibmcloud.com/vulnerabilities/156311 • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 0CVE-2018-2028
https://notcve.org/view.php?id=CVE-2018-2028
06 Jun 2019 — IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554. IBM Maximo Asset Management versión 7.6 podría permitir que un usuario autenticado sustituya una página de destino por un sitio de phishing, lo que permitiría al atacante obtener información muy confidencial. ID de IBM X-Force: 155554. • https://exchange.xforce.ibmcloud.com/vulnerabilities/155554 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1697
https://notcve.org/view.php?id=CVE-2018-1697
05 Dec 2018 — IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request. IBM X-Force ID: 145966. IBM Maximo Asset Management 7.6 podría permitir que un usuario autenticado enumere nombres de usuario mediante una petición HTTP especialmente manipulada. IBM X-Force ID: 145966. • https://exchange.xforce.ibmcloud.com/vulnerabilities/145966 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1584
https://notcve.org/view.php?id=CVE-2018-1584
28 Nov 2018 — IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143497. IBM Maximo Asset Management 7.6 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previs... • http://www.securityfocus.com/bid/106125 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1872
https://notcve.org/view.php?id=CVE-2018-1872
09 Nov 2018 — IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 151330. IBM Maximo Asset Management 7.6 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previs... • http://www.securityfocus.com/bid/106140 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1686
https://notcve.org/view.php?id=CVE-2018-1686
05 Oct 2018 — IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145505. IBM Maximo Asset Management, de la versión 7.6 a la 7.6.3 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/145505 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1698
https://notcve.org/view.php?id=CVE-2018-1698
13 Sep 2018 — IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages. IBM X-Force ID: 145967. IBM Maximo Asset Management, desde la versión 7.6 hasta la 7.6.3, podría permitir que un usuario no autenticado obtenga información sensible de los mensajes de error. IBM X-Force ID: 145967. • http://www.securityfocus.com/bid/105343 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1699
https://notcve.org/view.php?id=CVE-2018-1699
24 Aug 2018 — IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145968. IBM Maximo Asset Management desde la versión 7.6 hasta la 7.6.3 es vulnerable a inyección SQL. Un atacante remoto podría enviar instrucciones SQL especialmente manipuladas que podrían permitirle visualizar, añadir, modificar o borrar información e... • http://www.securityfocus.com/bid/105189 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1715
https://notcve.org/view.php?id=CVE-2018-1715
16 Aug 2018 — IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147003. IBM Maximo Asset Management desde la versión 7.6 hasta la 7.6.3 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de u... • https://exchange.xforce.ibmcloud.com/vulnerabilities/147003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •