Ibm Maximo Asset Management — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Maximo Asset Management, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (182)
CVE-2021-20509 — CVSS 9.8 (critical): IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands…
CVE-2017-1175 — CVSS 9.8 (critical): IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL…
CVE-2013-3323 — CVSS 9.8 (critical): A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is…
CVE-2020-4493 — CVSS 9.8 (critical): IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted…
CVE-2018-1414 — CVSS 8.8 (high): IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements…
CVE-2018-1524 — CVSS 8.8 (high): IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain…
CVE-2015-0104 — CVSS 8.8 (high): IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8…
CVE-2020-4521 — CVSS 8.8 (high): IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by…
CVE-2016-9977 — CVSS 8.8 (high): IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate…
CVE-2016-9984 — CVSS 8.8 (high): IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as…
CVE-2017-1499 — CVSS 8.8 (high): IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute…
CVE-2016-9976 — CVSS 8.4 (high): IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a…
CVE-2020-4463 — CVSS 8.2 (high): IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A…
CVE-2020-4409 — CVSS 8.2 (high): IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By…
CVE-2022-40616 — CVSS 8.1 (high): IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass authentication and obtain sensitive information or…
CVE-2019-4364 — CVSS 8.0 (high): IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary…
CVE-2019-4591 — CVSS 7.8 (high): IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another…
CVE-2021-38924 — CVSS 7.5 (high): IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical…
CVE-2021-38935 — CVSS 7.5 (high): IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for…
CVE-2019-4430 — CVSS 7.5 (high): IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a…
CVE-2013-5395 — CVSS 7.5 (high): IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to bypass intended…
CVE-2020-4529 — CVSS 7.4 (high): IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker…
CVE-2021-29854 — CVSS 7.2 (high): IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST…
CVE-2012-3323 — CVSS 6.8 (medium): IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via…
CVE-2011-1397 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the Labor Reporting page in IBM Maximo Asset Management and Asset Management Essentials…
CVE-2012-2184 — CVSS 6.8 (medium): Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management…
CVE-2012-0714 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli…
CVE-2012-2183 — CVSS 6.8 (medium): Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management…
CVE-2013-4017 — CVSS 6.5 (medium): SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands…
CVE-2013-5381 — CVSS 6.5 (medium): IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to gain…
CVE-2012-0747 — CVSS 6.5 (medium): SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for…
CVE-2012-6355 — CVSS 6.5 (medium): IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through…
CVE-2012-6356 — CVSS 6.5 (medium): IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users…
CVE-2012-6357 — CVSS 6.5 (medium): IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users…
CVE-2013-0451 — CVSS 6.5 (medium): SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 through 7.1.1.12 allows remote authenticated users to…
CVE-2012-0728 — CVSS 6.5 (medium): SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for…
CVE-2012-0727 — CVSS 6.5 (medium): SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli…
CVE-2013-3047 — CVSS 6.5 (medium): IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified…
CVE-2013-3973 — CVSS 6.5 (medium): SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to…
CVE-2019-4530 — CVSS 6.5 (medium): IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be…
CVE-2019-4478 — CVSS 6.5 (medium): IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not…
CVE-2013-4016 — CVSS 6.5 (medium): SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749…
CVE-2013-4021 — CVSS 6.5 (medium): IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to conduct…
CVE-2013-4027 — CVSS 6.5 (medium): IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass…
CVE-2018-2028 — CVSS 6.5 (medium): IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the…
CVE-2023-32333 — CVSS 6.5 (medium): IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force…
CVE-2024-45077 — CVSS 6.5 (medium): IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user…
CVE-2013-5465 — CVSS 6.5 (medium): IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336…
CVE-2011-4816 — CVSS 6.5 (medium): SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM…
CVE-2024-45652 — CVSS 6.5 (medium): IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially…
CVE-2015-4967 — CVSS 6.5 (medium): SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1…
CVE-2015-4966 — CVSS 6.5 (medium): IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management…
CVE-2015-0107 — CVSS 6.5 (medium): IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8…
CVE-2024-45088 — CVSS 6.4 (medium): IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed…
CVE-2022-35645 — CVSS 6.4 (medium): IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site…
CVE-2018-1699 — CVSS 6.3 (medium): IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL…
CVE-2019-4650 — CVSS 6.3 (medium): IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which…
CVE-2019-4671 — CVSS 6.3 (medium): IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements…
CVE-2017-1558 — CVSS 6.1 (medium): IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By…
CVE-2019-4644 — CVSS 6.1 (medium): IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2016-5902 — CVSS 6.1 (medium): IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in…
CVE-2013-4018 — CVSS 6.0 (medium): IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to obtain…
CVE-2014-0849 — CVSS 6.0 (medium): IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow…
CVE-2014-3024 — CVSS 6.0 (medium): Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo…
CVE-2013-5464 — CVSS 6.0 (medium): IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk…
CVE-2016-8924 — CVSS 5.6 (medium): IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate…
CVE-2022-35281 — CVSS 5.5 (medium): IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are…
CVE-2017-1352 — CVSS 5.5 (medium): IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by…
CVE-2025-2986 — CVSS 5.5 (medium): IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed…
CVE-2016-0262 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1.1 through 7.1.1.3, 7.5.0 before 7.5.0.9 IFIX004, and 7.6.0…
CVE-2015-5017 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management…
CVE-2015-7396 — CVSS 5.4 (medium): The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before…
CVE-2015-7448 — CVSS 5.4 (medium): SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3…
CVE-2015-7451 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset…
CVE-2016-0399 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.9 IFIX007, and 7.6 before…
CVE-2016-5905 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote…
CVE-2016-6072 — CVSS 5.4 (medium): IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in…
CVE-2017-1208 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2017-1291 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this…
CVE-2018-1415 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2018-1554 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2018-1584 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2018-1686 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2018-1715 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2018-1872 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2019-4303 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2019-4446 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request…
CVE-2019-4486 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2019-4749 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2020-4223 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2021-20374 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed…
CVE-2021-29743 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed…
CVE-2021-29744 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2022-22435 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2022-22436 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2022-35714 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2022-43866 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2023-27864 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which…
CVE-2023-32332 — CVSS 5.4 (medium): IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker…
CVE-2023-32337 — CVSS 5.4 (medium): IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to…
CVE-2017-1292 — CVSS 5.3 (medium): IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further…
CVE-2023-27860 — CVSS 5.3 (medium): IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in…
CVE-2016-0393 — CVSS 5.3 (medium): IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and 7.6 before 7.6.0.5-TIV-MAMMT-FP001 allows remote attackers to obtain…
CVE-2022-41734 — CVSS 5.3 (medium): IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical…
CVE-2016-5896 — CVSS 5.3 (medium): IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser.
CVE-2018-1698 — CVSS 5.3 (medium): IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages…
CVE-2016-5987 — CVSS 5.3 (medium): IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain…
CVE-2011-1394 — CVSS 5.0 (medium): IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM…
CVE-2014-4765 — CVSS 5.0 (medium): IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through…
CVE-2013-4013 — CVSS 5.0 (medium): IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.2 allows remote attackers to obtain sensitive…
CVE-2015-1934 — CVSS 5.0 (medium): IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management…
CVE-2014-3084 — CVSS 4.9 (medium): IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5.0 through 7.5.0.3…
CVE-2017-1357 — CVSS 4.3 (medium): IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to…
CVE-2015-7452 — CVSS 4.3 (medium): IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1…
CVE-2012-3326 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management…
CVE-2015-5051 — CVSS 4.3 (medium): IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1…
CVE-2016-8987 — CVSS 4.3 (medium): IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have…
CVE-2018-1528 — CVSS 4.3 (medium): IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM…
CVE-2012-3327 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through…
CVE-2011-4818 — CVSS 4.3 (medium): Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated…
CVE-2018-1697 — CVSS 4.3 (medium): IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request. IBM…
CVE-2020-4526 — CVSS 4.3 (medium): IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious…
CVE-2011-4819 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allow…
CVE-2012-0195 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset…
CVE-2011-1395 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5…
CVE-2015-5016 — CVSS 4.3 (medium): IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset…
CVE-2012-3333 — CVSS 4.3 (medium): CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x…
CVE-2016-0222 — CVSS 4.3 (medium): IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read…
CVE-2019-4056 — CVSS 4.3 (medium): IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious…
CVE-2014-0893 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud…
CVE-2019-4745 — CVSS 4.3 (medium): IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to…
CVE-2019-4583 — CVSS 4.3 (medium): IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that…
CVE-2015-0108 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through…
CVE-2013-4014 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5…
CVE-2011-1396 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote…
CVE-2019-4512 — CVSS 4.3 (medium): IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks…
CVE-2016-0289 — CVSS 4.3 (medium): shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote…
CVE-2019-4582 — CVSS 4.3 (medium): IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a…
CVE-2012-3313 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset…
CVE-2023-47718 — CVSS 4.3 (medium): IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 is vulnerable to cross-site request forgery which could allow an…
CVE-2015-7487 — CVSS 4.1 (medium): IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management…
CVE-2013-3971 — CVSS 4.0 (medium): IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access…
CVE-2013-5383 — CVSS 4.0 (medium): IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain…
CVE-2012-2185 — CVSS 4.0 (medium): IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request…
CVE-2013-5382 — CVSS 4.0 (medium): IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain…
CVE-2011-4817 — CVSS 4.0 (medium): The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset…
CVE-2013-4020 — CVSS 4.0 (medium): IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to bypass…
CVE-2013-3972 — CVSS 4.0 (medium): IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information…
CVE-2013-3049 — CVSS 4.0 (medium): IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access…
CVE-2014-6194 — CVSS 4.0 (medium): Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6…
CVE-2015-4965 — CVSS 4.0 (medium): maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and…
CVE-2015-7395 — CVSS 4.0 (medium): IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management…
CVE-2025-2987 — CVSS 3.8 (low): IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send…
CVE-2023-32335 — CVSS 3.7 (low): IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may…
CVE-2023-32334 — CVSS 3.7 (low): IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters. This…
CVE-2014-3025 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5…
CVE-2015-4944 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0…
CVE-2014-0915 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5…
CVE-2013-4019 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 before 7.1.1.12 allows remote…
CVE-2012-3322 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through…
CVE-2013-3048 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3…
CVE-2015-0109 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through…
CVE-2013-5460 — CVSS 3.5 (low): IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote…
CVE-2013-6741 — CVSS 3.5 (low): IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before…
CVE-2014-0824 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before…
CVE-2014-0825 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x…
CVE-2014-0914 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset…
CVE-2014-3026 — CVSS 3.5 (low): CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for…
CVE-2013-0457 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control…
CVE-2013-2998 — CVSS 3.5 (low): frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before…
CVE-2012-0746 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management…
CVE-2012-3316 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5…
CVE-2013-5402 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo…
CVE-2017-1176 — CVSS 3.3 (low): IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention…
CVE-2024-22333 — CVSS 3.3 (low): IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read…
CVE-2017-1124 — CVSS 2.9 (low): IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM…
CVE-2015-1951 — CVSS 2.1 (low): IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.0 IFIX005 does not prevent caching…
CVE-2013-5380 — CVSS 2.1 (low): IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows local users to obtain sensitive…
CVE-2014-6102 — CVSS 2.1 (low): IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1…
CVE-2015-1933 — CVSS 2.1 (low): IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management…
CVE-2019-4048 — CVSS 2.1 (low): IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same…