CVSS: 4.3EPSS: 0%CPEs: 38EXPL: 0CVE-2017-1357
https://notcve.org/view.php?id=CVE-2017-1357
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684. IBM Maximo Asset Management 7.5 y 7.6 podría permitir que un usuario autenticado manipulase órdenes de trabajo para falsificar correos electrónicos. Esto podría emplearse para llevar a cabo ataques más avanzados. IBM X-Force ID: 126684. • http://www.ibm.com/support/docview.wss?uid=swg22006647 http://www.securityfocus.com/bid/100214 https://exchange.xforce.ibmcloud.com/vulnerabilities/126684 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2015-5051
https://notcve.org/view.php?id=CVE-2015-5051
IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors. IBM Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.8 IF6 y 7.6 en versiones anteriores a 7.6.0.2 IF1 y Maximo Asset Management 7.5 en versiones anteriores a 7.5.0.8 IF6, 7.5.1 y 7.6 en versiones anteriores a 7.6.0.2 IF1 para SmartCloud Control Desk permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso en resultados de consulta a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21970797 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 48EXPL: 0CVE-2014-6194
https://notcve.org/view.php?id=CVE-2014-6194
Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname. Vulnerabilidad de salto de directorio en un formulario web no especificado en IBM Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.5.0 anterior a 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, y Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos permite a usuarios remotos autenticados leer ficheros arbitrarios a través de un .. (punto punto) en un nombre de ruta. • http://www-01.ibm.com/support/docview.wss?uid=swg21694035 https://exchange.xforce.ibmcloud.com/vulnerabilities/98605 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 2.1EPSS: 0%CPEs: 48EXPL: 0CVE-2014-6102
https://notcve.org/view.php?id=CVE-2014-6102
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation. IBM Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.5.0 anterior a 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, y Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos no manejan correctamente las acciones de cierre de sesión, lo que permite a atacantes remotos evadir las restricciones de acceso a Cognos BI Direct Integration mediante el aprovechamiento de un estación de trabajo desatendida. • http://www-01.ibm.com/support/docview.wss?uid=swg21695597 https://exchange.xforce.ibmcloud.com/vulnerabilities/96141 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 48EXPL: 0CVE-2014-4765
https://notcve.org/view.php?id=CVE-2014-4765
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message. IBM Maximo Asset Management 7.1 hasta 7.1.1.13 y 7.5 hasta 7.5.0.6, Maximo Asset Management 7.5.0 hasta 7.5.0.3 y 7.5.1 hasta 7.5.1.2 para SmartCloud Control Desk, y Maximo Asset Management 7.1 y 7.2 para Tivoli IT Asset Management for IT y ciertos otros productos permiten a atacantes remotos obtener información sensible de directorios mediante la lectura de un mensaje de error no especificado. • http://www-01.ibm.com/support/docview.wss?uid=swg21685289 https://exchange.xforce.ibmcloud.com/vulnerabilities/94757 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •