CVSS: 9.8EPSS: 0%CPEs: 40EXPL: 0CVE-2013-3323
https://notcve.org/view.php?id=CVE-2013-3323
18 Feb 2020 — A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. Se presenta una vulnerabilidad de escalada de privilegios en IBM Maximo Asset Management versiones 7.5, 7.1 y 6.2, cuando WebSeal con Autenticación Básica es usado, debido a un fallo al invalidar la sesión de autenticación, lo que podría permitir a u... • http://www.securityfocus.com/bid/62685 • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0CVE-2015-5016
https://notcve.org/view.php?id=CVE-2015-5016
27 Mar 2018 — IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460. IBM Maximo Asset Management 7.1, 7.5 y 7.6; Maximo Asset Management Essentials 7.1 y 7.5; Control Desk 7.5 y 7.6; Tivoli Asset Management for IT 7.1 y 7.... • http://www-01.ibm.com/support/docview.wss?uid=swg21971160 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 2%CPEs: 21EXPL: 1CVE-2015-0104 – IBM Tivoli Service Automation Manager 7.2.4 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-0104
24 Apr 2017 — IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors. IBM Tivoli IT Asset Management para IT, Tivoli Service Request Manager, y Change y Configuration Management Database 7.1 en versiones hasta 7.... • https://www.exploit-db.com/exploits/36002 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 7%CPEs: 21EXPL: 1CVE-2015-0107 – IBM Tivoli Service Automation Manager 7.2.4 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-0107
24 Apr 2017 — IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors. IBM Tivoli IT Asset Management para IT, Tivoli Service Request Manager, y Change y Configuration Management Database 7.1 en versi... • https://www.exploit-db.com/exploits/36002 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 12EXPL: 0CVE-2016-6072
https://notcve.org/view.php?id=CVE-2016-6072
01 Feb 2017 — IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Maximo Asset Management es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a ... • http://www.ibm.com/support/docview.wss?uid=swg21991893 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 119EXPL: 0CVE-2015-7448
https://notcve.org/view.php?id=CVE-2015-7448
12 Mar 2016 — SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección S... • http://www-01.ibm.com/support/docview.wss?uid=swg21974938 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.9EPSS: 0%CPEs: 59EXPL: 0CVE-2015-7487
https://notcve.org/view.php?id=CVE-2015-7487
27 Jan 2016 — IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files. IBM Maximo Asset Management 7.1 hasta la... • http://www-01.ibm.com/support/docview.wss?uid=swg21974537 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 27EXPL: 0CVE-2015-5017
https://notcve.org/view.php?id=CVE-2015-5017
03 Jan 2016 — IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password. IBM Maximo Asset M... • http://www-01.ibm.com/support/docview.wss?uid=swg21969052 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 82EXPL: 0CVE-2015-4966
https://notcve.org/view.php?id=CVE-2015-4966
08 Nov 2015 — IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors. IBM Máximo Asset Managem... • http://www-01.ibm.com/support/docview.wss?uid=swg21968191 • CWE-255: Credentials Management Errors •
CVSS: 5.4EPSS: 0%CPEs: 82EXPL: 0CVE-2015-7395
https://notcve.org/view.php?id=CVE-2015-7395
08 Nov 2015 — IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors. IBM Maximo Asset Management 7.1 hasta la versión ... • http://www-01.ibm.com/support/docview.wss?uid=swg21969072 • CWE-284: Improper Access Control •