Ibm Smartcloud Control Desk — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Smartcloud Control Desk, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (65)
CVE-2013-3323 — CVSS 9.8 (critical): A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is…
CVE-2018-1524 — CVSS 8.8 (high): IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain…
CVE-2019-4364 — CVSS 8.0 (high): IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary…
CVE-2012-0714 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli…
CVE-2012-2183 — CVSS 6.8 (medium): Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management…
CVE-2012-2184 — CVSS 6.8 (medium): Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management…
CVE-2012-3321 — CVSS 6.5 (medium): IBM SmartCloud Control Desk 7.5 allows remote authenticated users to bypass intended access restrictions via vectors involving an expired…
CVE-2015-4966 — CVSS 6.5 (medium): IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management…
CVE-2013-5465 — CVSS 6.5 (medium): IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336…
CVE-2013-4016 — CVSS 6.5 (medium): SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749…
CVE-2012-6355 — CVSS 6.5 (medium): IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through…
CVE-2012-6356 — CVSS 6.5 (medium): IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users…
CVE-2012-6357 — CVSS 6.5 (medium): IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users…
CVE-2012-0727 — CVSS 6.5 (medium): SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli…
CVE-2012-0728 — CVSS 6.5 (medium): SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for…
CVE-2012-0747 — CVSS 6.5 (medium): SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for…
CVE-2018-2028 — CVSS 6.5 (medium): IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the…
CVE-2015-4967 — CVSS 6.5 (medium): SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1…
CVE-2013-5464 — CVSS 6.0 (medium): IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006 and SmartCloud Control Desk…
CVE-2014-0849 — CVSS 6.0 (medium): IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow…
CVE-2014-3024 — CVSS 6.0 (medium): Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo…
CVE-2019-4429 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2015-5017 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management…
CVE-2015-7396 — CVSS 5.4 (medium): The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before…
CVE-2015-7451 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset…
CVE-2015-7448 — CVSS 5.4 (medium): SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3…
CVE-2019-4486 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2019-4303 — CVSS 5.4 (medium): IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2016-6072 — CVSS 5.4 (medium): IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in…
CVE-2014-4765 — CVSS 5.0 (medium): IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through…
CVE-2015-1934 — CVSS 5.0 (medium): IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management…
CVE-2014-3084 — CVSS 4.9 (medium): IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5.0 through 7.5.0.3…
CVE-2019-4512 — CVSS 4.3 (medium): IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks…
CVE-2012-3327 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through…
CVE-2012-3326 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management…
CVE-2019-4056 — CVSS 4.3 (medium): IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious…
CVE-2018-1528 — CVSS 4.3 (medium): IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM…
CVE-2014-0893 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud…
CVE-2012-3313 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset…
CVE-2015-5051 — CVSS 4.3 (medium): IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1…
CVE-2016-0222 — CVSS 4.3 (medium): IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read…
CVE-2015-7452 — CVSS 4.3 (medium): IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1…
CVE-2012-3333 — CVSS 4.3 (medium): CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x…
CVE-2015-7487 — CVSS 4.1 (medium): IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management…
CVE-2014-6194 — CVSS 4.0 (medium): Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6…
CVE-2015-4965 — CVSS 4.0 (medium): maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and…
CVE-2015-7395 — CVSS 4.0 (medium): IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management…
CVE-2012-2185 — CVSS 4.0 (medium): IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request…
CVE-2013-2998 — CVSS 3.5 (low): frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before…
CVE-2015-4944 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0…
CVE-2013-5402 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo…
CVE-2012-3316 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5…
CVE-2012-3322 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through…
CVE-2014-3026 — CVSS 3.5 (low): CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for…
CVE-2014-3025 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5…
CVE-2014-0915 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5…
CVE-2014-0914 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset…
CVE-2014-0825 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x…
CVE-2013-0457 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control…
CVE-2013-6741 — CVSS 3.5 (low): IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before…
CVE-2013-5460 — CVSS 3.5 (low): IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote…
CVE-2012-0746 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management…
CVE-2015-1933 — CVSS 2.1 (low): IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management…
CVE-2014-6102 — CVSS 2.1 (low): IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1…
CVE-2019-4048 — CVSS 2.1 (low): IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same…