
CVE-2025-2986 – IBM Maximo Asset Management cross-site scripting
https://notcve.org/view.php?id=CVE-2025-2986
25 Apr 2025 — IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7231785 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-2987 – IBM Maximo Asset Management server-side request forgery
https://notcve.org/view.php?id=CVE-2025-2987
21 Apr 2025 — IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. • https://www.ibm.com/support/pages/node/7231390 • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2024-45077 – IBM Maximo Asset Management file upload
https://notcve.org/view.php?id=CVE-2024-45077
24 Jan 2025 — IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload, which allows an authenticated low-privileged user to upload restricted file types by the simple method of adding a dot to the end of the file name if Maximo is installed on a Windows operating system. • https://www.ibm.com/support/pages/node/7174819 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2024-45652 – IBM Maximo Asset Management directory traversal
https://notcve.org/view.php?id=CVE-2024-45652
19 Jan 2025 — IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. • https://www.ibm.com/support/pages/node/7174820 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-45088 – IBM Maximo Asset Management cross-site scripting
https://notcve.org/view.php?id=CVE-2024-45088
11 Nov 2024 — IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7174818 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-22333 – IBM Maximo Application Suite information disclosure
https://notcve.org/view.php?id=CVE-2024-22333
13 Jun 2024 — IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allow web pages to be stored locally, where they can be read by another user on the system. IBM X-Force ID: 279973. • https://exchange.xforce.ibmcloud.com/vulnerabilities/279973 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •

CVE-2023-32335 – IBM Maximo Application Suite information disclosure
https://notcve.org/view.php?id=CVE-2023-32335
13 Mar 2024 — IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 store sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 255075. • https://exchange.xforce.ibmcloud.com/vulnerabilities/266875 • CWE-598: Use of GET Request Method With Sensitive Query Strings •

CVE-2023-38723 – Maximo Asset Management cross-site scripting
https://notcve.org/view.php?id=CVE-2023-38723
13 Mar 2024 — IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262192. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262192 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-32333 – IBM Maximo Asset Management improper access control
https://notcve.org/view.php?id=CVE-2023-32333
02 Feb 2024 — IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255073 • CWE-284: Improper Access Control •

CVE-2023-32337 – IBM Maximo Spatial Asset Management server-side request forgery
https://notcve.org/view.php?id=CVE-2023-32337
19 Jan 2024 — IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255288 • CWE-918: Server-Side Request Forgery (SSRF) •