CVE-2020-4409

all versions

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack.

8.2HIGH

CVE-2019-4749

all versions

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScri

5.4MEDIUM

CVE-2019-4644

all versions

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScri

6.1MEDIUM

CVE-2019-4446

all versions

IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request

5.4MEDIUM

CVE-2019-4745

all versions

IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due t

4.3MEDIUM

CVE-2019-4429

all versions

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitr

5.4MEDIUM

CVE-2019-4486

all versions

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScri

5.4MEDIUM

CVE-2019-4512

all versions

IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further a

4.3MEDIUM

CVE-2019-4364

all versions

IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbir

8.0HIGH

CVE-2019-4303

all versions

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScri

5.4MEDIUM

CVE-2019-4056

all versions

IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload ma

4.3MEDIUM

CVE-2019-4048

all versions

IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of

2.1LOW

CVE-2018-2028

all versions

IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allo

6.5MEDIUM

CVE-2018-1528

all versions

IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI AP

4.3MEDIUM

CVE-2018-1524

all versions

IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to ga

8.8HIGH

CVE-2015-5016

all versions

IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli As

4.3MEDIUM

CVE-2016-5902

all versions

IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript c

6.1MEDIUM

CVE-2016-6072

all versions

IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript c

5.4MEDIUM

CVE-2016-5896

all versions

IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos b

5.3MEDIUM