Ibm Maximo Asset Configuration Manager vulnerabilities

CVE-2020-4409 [HIGH] CWE-601 CVE-2020-4409: IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attack IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obt

CVE-2019-4749 [MEDIUM] CWE-79 CVE-2019-4749: IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows use IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308.

CVE-2019-4446 [MEDIUM] CVE-2019-4446: IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not autho IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490.

CVE-2019-4644 [MEDIUM] CWE-79 CVE-2019-4644: IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows use IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880.