Ibm Corporation Maximo Asset Management vulnerabilities

CVE-2016-9976 [HIGH] CWE-284 CVE-2016-9976: IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary fil IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252.

CVE-2016-8924 [MEDIUM] CWE-79 CVE-2016-8924: IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's sessio IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 118537.

CVE-2017-1124 [LOW] CWE-200 CVE-2017-1124: IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive infor IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053.

CVE-2016-5896 [MEDIUM] CWE-200 CVE-2016-5896: IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser.

CVE-2016-6072 [MEDIUM] CWE-79 CVE-2016-6072: IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users t IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.