Product:

Maximo_asset_management

(Ibm)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 174
Date Id Summary Products Score Patch Annotated
2022-05-03 CVE-2021-29854 IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 205680. Maximo_application_suite, Maximo_asset_management 7.2
2022-04-21 CVE-2022-22435 IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Maximo_asset_management 5.4
2022-04-21 CVE-2022-22436 IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224164. Maximo_asset_management 5.4
2022-02-18 CVE-2021-38935 IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 210892. Maximo_asset_management 7.5
2021-08-30 CVE-2021-29743 IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201693. Maximo_application_suite, Maximo_asset_management 5.4
2021-08-27 CVE-2021-29744 IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201694. Maximo_application_suite, Maximo_asset_management 5.4
2021-08-12 CVE-2021-20509 IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243. Maximo_asset_management 9.8
2020-04-17 CVE-2019-4446 IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490. Control_desk, Maximo_asset_configuration_manager, Maximo_asset_health_insights, Maximo_asset_management, Maximo_asset_management_scheduler, Maximo_asset_management_scheduler_plus, Maximo_calibration, Maximo_enterprise_adapter, Maximo_equipment_maintenance_assistant_on\-Premises, Maximo_for_aviation, Maximo_for_life_sciences, Maximo_for_nuclear_power, Maximo_for_oil_and_gas, Maximo_for_service_providers, Maximo_for_transportation, Maximo_for_utilities, Maximo_linear_asset_manager, Maximo_network_on_blockchain, Tivoli_integration_composer 5.4
2020-05-12 CVE-2019-4478 IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998. Maximo_asset_management 6.5
2020-10-05 CVE-2020-4493 IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995. Maximo_asset_management 9.8