CVE-2020-4409

all versions

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack.

8.2HIGH

CVE-2019-4749

all versions

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScri

5.4MEDIUM

CVE-2019-4644

all versions

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScri

6.1MEDIUM

CVE-2019-4446

all versions

IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request

5.4MEDIUM

CVE-2019-4745

all versions

IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due t

4.3MEDIUM

CVE-2019-4429

all versions

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitr

5.4MEDIUM

CVE-2013-3323

all versions

A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authenticati

9.8CRITICAL

CVE-2019-4546

all versions

After installing the IBM Maximo Health-Safety and Environment Manager 7.6.1, a user is granted additional privileges that they are

8.8HIGH

CVE-2019-4486

all versions

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScri

5.4MEDIUM

CVE-2019-4512

all versions

IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further a

4.3MEDIUM

CVE-2019-4364

all versions

IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbir

8.0HIGH

CVE-2019-4303

all versions

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScri

5.4MEDIUM

CVE-2019-4056

all versions

IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload ma

4.3MEDIUM

CVE-2019-4048

all versions

IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of

2.1LOW

CVE-2018-2028

all versions

IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allo

6.5MEDIUM

CVE-2018-1528

all versions

IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI AP

4.3MEDIUM

CVE-2018-1524

all versions

IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to ga

8.8HIGH

CVE-2015-5016

all versions

IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli As

4.3MEDIUM

CVE-2015-0107

all versions

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 throug

6.5MEDIUM

CVE-2015-0104

all versions

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 throug

8.8HIGH

CVE-2016-5902

all versions

IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript c

6.1MEDIUM

CVE-2016-6072

all versions

IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript c

5.4MEDIUM

CVE-2016-5896

all versions

IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos b

5.3MEDIUM

CVE-2016-0222

all versions

IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions an

4.3MEDIUM

CVE-2015-7448

all versions

SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.

5.4MEDIUM

CVE-2015-7487

all versions

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Man

4.1MEDIUM

CVE-2015-5051

all versions

IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6,

4.3MEDIUM

CVE-2015-5017

all versions

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Man

5.4MEDIUM

CVE-2015-7452

all versions

IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9,

4.3MEDIUM

CVE-2015-7396

all versions

The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 bef

5.4MEDIUM

CVE-2015-7451

all versions

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maxi

5.4MEDIUM

CVE-2015-4966

all versions

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Manag

CVE-2015-7395

all versions

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Manag

CVE-2015-4967

all versions

SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.

CVE-2015-4965

all versions

maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX0

CVE-2015-4944

all versions

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.

CVE-2015-1934

all versions

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Man

CVE-2015-1933

all versions

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Man

CVE-2015-0109

all versions

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 throu

CVE-2015-0108

all versions

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 throu

CVE-2014-6194

all versions

Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before

CVE-2014-6102

all versions

IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 a

CVE-2014-4765

all versions

IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1

CVE-2014-3025

<= 7.5.0.6

Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2,

CVE-2014-0915

<= 7.5.0.6

Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2,

CVE-2014-0914

<= 7.5.0.6

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo

CVE-2013-5402

all versions

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government