CVSS: 9.8EPSS: 0%CPEs: 40EXPL: 0CVE-2013-3323
https://notcve.org/view.php?id=CVE-2013-3323
18 Feb 2020 — A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. Se presenta una vulnerabilidad de escalada de privilegios en IBM Maximo Asset Management versiones 7.5, 7.1 y 6.2, cuando WebSeal con Autenticación Básica es usado, debido a un fallo al invalidar la sesión de autenticación, lo que podría permitir a u... • http://www.securityfocus.com/bid/62685 • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0CVE-2015-5016
https://notcve.org/view.php?id=CVE-2015-5016
27 Mar 2018 — IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460. IBM Maximo Asset Management 7.1, 7.5 y 7.6; Maximo Asset Management Essentials 7.1 y 7.5; Control Desk 7.5 y 7.6; Tivoli Asset Management for IT 7.1 y 7.... • http://www-01.ibm.com/support/docview.wss?uid=swg21971160 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2016-9977
https://notcve.org/view.php?id=CVE-2016-9977
07 Jun 2017 — IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253. Maximo Asset Management versiones 7.1, 7.5 y 7.6 de IBM, podría permitir a un atacante remoto secuestrar la sesión de usuario, causado por un fallo para invalidar un identificador de sesión existente. Un atacante podría explotar ... • http://www.ibm.com/support/docview.wss?uid=swg22003981 • CWE-20: Improper Input Validation •
CVSS: 8.4EPSS: 2%CPEs: 5EXPL: 0CVE-2016-9976
https://notcve.org/view.php?id=CVE-2016-9976
03 May 2017 — IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252. IBM Maximo Asset Management 7.1, 7.5, y 7.6 podría permitir a un atacante remoto incluir ficheros arbitrarios. Un atacante remoto podría enviar peticiones URL especialmente diseñadas para ejecutar código abritrario en el servidor afectado.... • http://www.ibm.com/support/docview.wss?uid=swg22002018 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 7%CPEs: 21EXPL: 1CVE-2015-0107 – IBM Tivoli Service Automation Manager 7.2.4 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-0107
24 Apr 2017 — IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors. IBM Tivoli IT Asset Management para IT, Tivoli Service Request Manager, y Change y Configuration Management Database 7.1 en versi... • https://www.exploit-db.com/exploits/36002 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 2%CPEs: 21EXPL: 1CVE-2015-0104 – IBM Tivoli Service Automation Manager 7.2.4 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-0104
24 Apr 2017 — IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors. IBM Tivoli IT Asset Management para IT, Tivoli Service Request Manager, y Change y Configuration Management Database 7.1 en versiones hasta 7.... • https://www.exploit-db.com/exploits/36002 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 119EXPL: 0CVE-2015-7448
https://notcve.org/view.php?id=CVE-2015-7448
12 Mar 2016 — SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección S... • http://www-01.ibm.com/support/docview.wss?uid=swg21974938 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.9EPSS: 0%CPEs: 59EXPL: 0CVE-2015-7487
https://notcve.org/view.php?id=CVE-2015-7487
27 Jan 2016 — IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files. IBM Maximo Asset Management 7.1 hasta la... • http://www-01.ibm.com/support/docview.wss?uid=swg21974537 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 27EXPL: 0CVE-2015-5017
https://notcve.org/view.php?id=CVE-2015-5017
03 Jan 2016 — IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password. IBM Maximo Asset M... • http://www-01.ibm.com/support/docview.wss?uid=swg21969052 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 81EXPL: 0CVE-2015-4965
https://notcve.org/view.php?id=CVE-2015-4965
05 Oct 2015 — maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 and 7.6.0 before 7.6.0.1 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to obtain sensitive information by reading a (1) backup or (2) debug appl... • http://www-01.ibm.com/support/docview.wss?uid=swg21966194 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •