Ibm Maximo Spatial Asset Management vulnerabilities

6 known vulnerabilities affecting ibm/maximo_spatial_asset_management.

Total CVEs

6

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH1MEDIUM4LOW1

Vulnerabilities

Page 1 of 1

CVE-2023-32337MEDIUMCVSS 5.4v8.102024-01-19

CVE-2023-32337 [MEDIUM] CWE-918 CVE-2023-32337: IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This m IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288.

CVE-2020-4651MEDIUMCVSS 4.8v7.6.0.3v7.6.0.4+2 more2020-11-09

CVE-2020-4651 [MEDIUM] CWE-352 CVE-2020-4651: IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-si IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186024.

CVE-2020-4650LOWCVSS 3.3v7.6.0.3v7.6.0.4+2 more2020-11-09

CVE-2020-4650 [LOW] CWE-922 CVE-2020-4650: IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be st IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023.

CVE-2020-4409HIGHCVSS 8.2v7.6.0.2v7.6.0.3+2 more2020-09-16

CVE-2020-4409 [HIGH] CWE-601 CVE-2020-4409: IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attack IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obt

CVE-2019-4749MEDIUMCVSS 5.4v7.6.0.2v7.6.0.3+2 more2020-04-17

CVE-2019-4749 [MEDIUM] CWE-79 CVE-2019-4749: IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows use IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308.

CVE-2019-4644MEDIUMCVSS 6.1v7.6.0.2v7.6.0.3+2 more2020-04-17

CVE-2019-4644 [MEDIUM] CWE-79 CVE-2019-4644: IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows use IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880.