CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20446
https://notcve.org/view.php?id=CVE-2021-20446
18 Feb 2021 — IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196622. IBM Maximo for Civil Infrastructure versión 7.6.2, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuari... • https://exchange.xforce.ibmcloud.com/vulnerabilities/196622 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20445
https://notcve.org/view.php?id=CVE-2021-20445
18 Feb 2021 — IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storeage of authentication credentials. IBM X-Force ID: 196621. IBM Maximo for Civil Infrastructure versión 7.6.2, podría permitir a un usuario obtener información confidencial debido a un almacenamiento no seguro de credenciales de autenticación. IBM X-Force ID: 196621 • https://exchange.xforce.ibmcloud.com/vulnerabilities/196621 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20444
https://notcve.org/view.php?id=CVE-2021-20444
18 Feb 2021 — IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196620. IBM Maximo for Civil Infrastructure versión 7.6.2, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuari... • https://exchange.xforce.ibmcloud.com/vulnerabilities/196620 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20443
https://notcve.org/view.php?id=CVE-2021-20443
18 Feb 2021 — IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. IBM X-Force ID: 196619. IBM Maximo for Civil Infrastructure versión 7.6.2, incluye una funcionalidad ejecutable (tal y como una biblioteca) de una fuente que está fuera de la esfera de control prevista. IBM X-Force ID: 196619 • https://exchange.xforce.ibmcloud.com/vulnerabilities/196619 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •