180 results (0.003 seconds)

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973. IBM Maximo Asset Management 7.6.1.3 e IBM Maximo Application Suite 8.10 y 8.11 permiten almacenar páginas web localmente que pueden ser leídas por otro usuario en el sistema. ID de IBM X-Force: 279973. • https://exchange.xforce.ibmcloud.com/vulnerabilities/279973 https://www.ibm.com/support/pages/node/7157256 https://www.ibm.com/support/pages/node/7157257 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •

CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0

IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255075. IBM Maximo Application Suite 8.10, 8.11 e IBM Maximo Asset Management 7.6.1.3 almacenan información confidencial en parámetros de URL. Esto puede dar lugar a la divulgación de información si partes no autorizadas tienen acceso a las URL a través de los registros del servidor, el encabezado de referencia o el historial del navegador. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266875 https://www.ibm.com/support/pages/node/7138684 https://www.ibm.com/support/pages/node/7138686 • CWE-598: Use of GET Request Method With Sensitive Query Strings •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262192. IBM Maximo Application Suite 7.6.1.3 es vulnerable a cross-site scripting almacenado. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262192 https://www.ibm.com/support/pages/node/7139010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073. IBM Maximo Asset Management versión 7.6.1.3 podría permitir que un atacante remoto inicie sesión en el panel de administración debido a controles de acceso inadecuados. ID de IBM X-Force: 255073. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255073 https://www.ibm.com/support/pages/node/7112388 • CWE-284: Improper Access Control •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288. IBM Maximo Spatial Asset Management 8.10 es vulnerable a server-side request forgery (SSRF). Esto puede permitir que un atacante autenticado envíe solicitudes no autorizadas desde el sistema, lo que podría provocar la enumeración de la red o facilitar otros ataques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255288 https://www.ibm.com/support/pages/node/7107712 • CWE-918: Server-Side Request Forgery (SSRF) •