Vulnerabilities > IBM > Control Desk
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-13 | CVE-2022-22330 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Control Desk IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. | 5.3 |
| 2021-05-10 | CVE-2021-20559 | Cross-site Scripting vulnerability in IBM Control Desk 7.6.1.2/7.6.1.3 IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. | 3.5 |
| 2020-09-16 | CVE-2020-4409 | Open Redirect vulnerability in IBM products IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. | 5.8 |
| 2020-04-17 | CVE-2019-4749 | Cross-site Scripting vulnerability in IBM products IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 3.5 |
| 2020-04-17 | CVE-2019-4644 | Cross-site Scripting vulnerability in IBM products IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 4.3 |
| 2020-04-17 | CVE-2019-4446 | Missing Authorization vulnerability in IBM products IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. | 5.5 |
| 2020-02-19 | CVE-2019-4429 | Cross-site Scripting vulnerability in IBM products IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. | 3.5 |
| 2019-10-09 | CVE-2019-4512 | Information Exposure Through an Error Message vulnerability in IBM products IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. | 4.0 |
| 2019-06-19 | CVE-2019-4364 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM products IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. | 8.0 |
| 2019-06-19 | CVE-2019-4303 | Cross-site Scripting vulnerability in IBM products IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 5.4 |