CVE-2020-4409
published 2020-09-16CVE-2020-4409: IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to…
high8.2CVSS 3.1
AVNACLPRNUIRSCCHILAN
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537.
Affected
43 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | control_desk | — | — |
| ibm | control_desk | — | — |
| ibm | maximo_asset_configuration_manager | — | — |
| ibm | maximo_asset_configuration_manager | — | — |
| ibm | maximo_asset_configuration_manager | — | — |
| ibm | maximo_asset_health_insights | — | — |
| ibm | maximo_asset_health_insights | — | — |
| ibm | maximo_asset_management | < 7.6.1.2 | 7.6.1.2 |
| ibm | maximo_asset_management | — | — |
| ibm | maximo_asset_management | — | — |
| ibm | maximo_asset_management_scheduler | — | — |
| ibm | maximo_asset_management_scheduler | — | — |
| ibm | maximo_asset_management_scheduler | — | — |
| ibm | maximo_asset_management_scheduler_plus | — | — |
| ibm | maximo_asset_management_scheduler_plus | — | — |
| ibm | maximo_asset_management_scheduler_plus | — | — |
| ibm | maximo_calibration | — | — |
| ibm | maximo_enterprise_adapter | — | — |
| ibm | maximo_enterprise_adapter | — | — |
| ibm | maximo_for_aviation | — | — |
| ibm | maximo_for_aviation | — | — |
| ibm | maximo_for_aviation | — | — |
| ibm | maximo_for_life_sciences | — | — |
| ibm | maximo_for_nuclear_power | — | — |
| ibm | maximo_for_oil_and_gas | — | — |