IBM Maximo Asset Management vulnerabilities

185 known vulnerabilities affecting ibm/maximo_asset_management.

Total CVEs: 185
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 26, MEDIUM 128, LOW 26

Vulnerabilities

Page 3 of 10
CVE-2020-4223 | MEDIUM | CVSS 5.4 | v7.6.0.10, v7.6.1.1 | 2020-06-26
CWE-79: IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175121.
Sources: cvelistv5, nvd
CVE-2020-4529 | HIGH | CVSS 7.4 | v7.6.0.0, v7.6.1.0, +2 more | 2020-06-08
CWE-918: IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713.
Sources: cvelistv5, nvd
CVE-2019-4478 | MEDIUM | CVSS 6.5 | v7.6.0.0, v7.6.1, +2 more | 2020-05-12
IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998.
Sources: cvelistv5, nvd
CVE-2019-4749 | MEDIUM | CVSS 5.4 | v7.6.1.1, v7.6 | 2020-04-17
CWE-79: IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308.
Sources: cvelistv5, nvd
CVE-2019-4446 | MEDIUM | CVSS 5.4 | v7.6.0, v7.6.1, +2 more | 2020-04-17
IBM Maximo Asset Management 7.6 could allow an authenticated user to perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490.
Sources: cvelistv5, nvd
CVE-2019-4644 | MEDIUM | CVSS 6.1 | v7.6.1.1, v7.6 | 2020-04-17
CWE-79: IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880.
Sources: cvelistv5, nvd
CVE-2019-4745 | MEDIUM | CVSS 4.3 | v7.6.1.0 | 2020-02-24
CWE-863: IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. IBM X-Force ID: 172883.
Sources: cvelistv5, nvd
CVE-2019-4583 | MEDIUM | CVSS 4.3 | v7.6.0.10, v7.6.1.1 | 2020-02-20
CWE-209: IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 167289.
Sources: cvelistv5, nvd
CVE-2019-4429 | MEDIUM | CVSS 5.4 | v7.6.0, v7.6.1 | 2020-02-19
CWE-79: IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886.
Sources: cvelistv5, nvd
CVE-2013-3323 | CRITICAL | CVSS 9.8 | v6.2, v7.1, +1 more | 2020-02-18
CWE-269: A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.
Sources: nvd
CVE-2019-4530 | MEDIUM | CVSS 6.5 | v7.6.0.0, v7.6.1, +2 more | 2019-11-20
IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. IBM X-Force ID: 165586.
Sources: cvelistv5, nvd
CVE-2019-4486 | MEDIUM | CVSS 5.4 | ≥ 7.6.0.0, < 7.6.0.10; ≥ 7.6.1.0, < 7.6.1.1; +1 more | 2019-10-24
CWE-79: IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070.
Sources: cvelistv5, nvd
CVE-2019-4512 | MEDIUM | CVSS 4.3 | v7.6.1.1 | 2019-10-09
CWE-209: IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.
Sources: cvelistv5, nvd
CVE-2019-4430 | HIGH | CVSS 7.5 | v7.6 | 2019-07-17
CWE-22: IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162887.
Sources: cvelistv5, nvd
CVE-2019-4364 | HIGH | CVSS 8.0 | v7.6 | 2019-06-19
CWE-1236: IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 161680.
Sources: cvelistv5, nvd
CVE-2019-4303 | MEDIUM | CVSS 5.4 | v7.6 | 2019-06-19
CWE-79: IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949.
Sources: cvelistv5, nvd
CVE-2019-4056 | MEDIUM | CVSS 4.3 | v7.6 | 2019-06-06
CWE-434: IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.
Sources: cvelistv5, nvd
CVE-2018-2028 | MEDIUM | CVSS 6.5 | v7.6 | 2019-06-06
CWE-312: IBM Maximo Asset Management 7.6 could allow an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.
Sources: cvelistv5, nvd
CVE-2019-4048 | LOW | CVSS 2.1 | v7.6 | 2019-06-06
CWE-269: IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.
Sources: cvelistv5, nvd
CVE-2018-1697 | MEDIUM | CVSS 4.3 | v7.6 | 2018-12-05
CWE-200: IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request. IBM X-Force ID: 145966.
Sources: cvelistv5, nvd