threat
engine
.sh
Back
·
··:··
Home
/
Product
/
ibm maximo for nuclear power
Product
ibm maximo for nuclear power
46 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2020-4409
all versions
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack.
8.2
HIGH
CVE-2019-4749
all versions
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScri
5.4
MEDIUM
CVE-2019-4644
all versions
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScri
6.1
MEDIUM
CVE-2019-4446
all versions
IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request
5.4
MEDIUM
CVE-2019-4745
all versions
IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due t
4.3
MEDIUM
CVE-2019-4429
all versions
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitr
5.4
MEDIUM
CVE-2013-3323
all versions
A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authenticati
9.8
CRITICAL
CVE-2019-4486
all versions
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScri
5.4
MEDIUM
CVE-2019-4512
all versions
IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further a
4.3
MEDIUM
CVE-2019-4364
all versions
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbir
8.0
HIGH
CVE-2019-4303
all versions
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScri
5.4
MEDIUM
CVE-2019-4056
all versions
IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload ma
4.3
MEDIUM
CVE-2019-4048
all versions
IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of
2.1
LOW
CVE-2018-2028
all versions
IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allo
6.5
MEDIUM
CVE-2018-1528
all versions
IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI AP
4.3
MEDIUM
CVE-2018-1524
all versions
IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to ga
8.8
HIGH
CVE-2015-5016
all versions
IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli As
4.3
MEDIUM
CVE-2015-0107
all versions
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 throug
6.5
MEDIUM
CVE-2015-0104
all versions
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 throug
8.8
HIGH
CVE-2016-5902
all versions
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript c
6.1
MEDIUM
CVE-2016-6072
all versions
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript c
5.4
MEDIUM
CVE-2016-5896
all versions
IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos b
5.3
MEDIUM
CVE-2016-0222
all versions
IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions an
4.3
MEDIUM
CVE-2015-7448
all versions
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.
5.4
MEDIUM
CVE-2015-7487
all versions
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Man
4.1
MEDIUM
CVE-2015-5051
all versions
IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6,
4.3
MEDIUM
CVE-2015-5017
all versions
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Man
5.4
MEDIUM
CVE-2015-7452
all versions
IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9,
4.3
MEDIUM
CVE-2015-7396
all versions
The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 bef
5.4
MEDIUM
CVE-2015-7451
all versions
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maxi
5.4
MEDIUM
CVE-2015-4966
all versions
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Manag
CVE-2015-7395
all versions
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Manag
CVE-2015-4967
all versions
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.
CVE-2015-4965
all versions
maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX0
CVE-2015-4944
all versions
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.
CVE-2015-1934
all versions
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Man
CVE-2015-1933
all versions
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Man
CVE-2015-0109
all versions
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 throu
CVE-2015-0108
all versions
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 throu
CVE-2014-6194
all versions
Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before
CVE-2014-6102
all versions
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 a
CVE-2014-4765
all versions
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1
CVE-2014-3025
<= 7.5.0.6
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2,
CVE-2014-0915
<= 7.5.0.6
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2,
CVE-2014-0914
<= 7.5.0.6
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo
CVE-2013-5402
all versions
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin