CVSS: 5.4EPSS: 0%CPEs: 20EXPL: 0CVE-2019-4486
https://notcve.org/view.php?id=CVE-2019-4486
24 Oct 2019 — IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070. IBM Maximo Asset Management versión 7.6, es vulnerable a un problema de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la... • https://exchange.xforce.ibmcloud.com/vulnerabilities/164070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2019-4512
https://notcve.org/view.php?id=CVE-2019-4512
09 Oct 2019 — IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554. IBM Maximo Asset Management versión 7.6.1.1, genera un mensaje de error que incluye información confidencial que podría ser usada en futuros ataques contra el sistema. ID de IBM X-Force: 164554. • https://exchange.xforce.ibmcloud.com/vulnerabilities/164554 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 8.5EPSS: 1%CPEs: 20EXPL: 0CVE-2019-4364
https://notcve.org/view.php?id=CVE-2019-4364
19 Jun 2019 — IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680. IBM Maximo Asset Management versión 7.6 es vulnerable a la inyección de CSV, lo que podría permitir que un atacante remoto autenticado ejecute comandos arbitrarios en el sistema. ID de IBM X-Force: 161680. • http://www.securityfocus.com/bid/108910 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 5.4EPSS: 0%CPEs: 20EXPL: 0CVE-2019-4303
https://notcve.org/view.php?id=CVE-2019-4303
19 Jun 2019 — IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949. IBM Maximo Asset Management versión 7.6 es vulnerable a cross-site-scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, lo que altera la funcional... • http://www.securityfocus.com/bid/108912 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2019-4056
https://notcve.org/view.php?id=CVE-2019-4056
06 Jun 2019 — IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565. La aplicación Work Center de IBM Maximo Asset Management versión 7.6 no comprueba el tipo de archivo en la carga, lo que permite a los atacantes cargar archivos maliciosos. ID de IBM X-Force: 156565. • https://exchange.xforce.ibmcloud.com/vulnerabilities/156565 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 2.1EPSS: 0%CPEs: 21EXPL: 0CVE-2019-4048
https://notcve.org/view.php?id=CVE-2019-4048
06 Jun 2019 — IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311. IBM Maximo Asset Management versión 7.6 podría permitir a un usuario físico del sistema obtener información confidencial de un usuario anterior de la misma máquina. ID de IBM X-Force: 156311. • https://exchange.xforce.ibmcloud.com/vulnerabilities/156311 • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 0CVE-2018-2028
https://notcve.org/view.php?id=CVE-2018-2028
06 Jun 2019 — IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554. IBM Maximo Asset Management versión 7.6 podría permitir que un usuario autenticado sustituya una página de destino por un sitio de phishing, lo que permitiría al atacante obtener información muy confidencial. ID de IBM X-Force: 155554. • https://exchange.xforce.ibmcloud.com/vulnerabilities/155554 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2018-1528
https://notcve.org/view.php?id=CVE-2018-1528
06 Aug 2018 — IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290. IBM Maximo Asset Management, desde la versión 7.6 hasta la 7.6.3, podría permitir que un usuario autenticado obtenga información sensible desde la API WhoAmI. IBM X-Force ID: 142290. • http://www.securityfocus.com/bid/105023 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 19EXPL: 0CVE-2018-1524
https://notcve.org/view.php?id=CVE-2018-1524
03 Aug 2018 — IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116. IBM Maximo Asset Management, de la versión 7.6 a la 7.6.3, se instala con una cuenta de administrador por defecto que podría ser empleada por un atacante remoto para obtener acceso de administrador al sistema. Esta vulnerabilidad existe debido a una sol... • https://exchange.xforce.ibmcloud.com/vulnerabilities/142116 • CWE-1188: Initialization of a Resource with an Insecure Default •