Vulnerabilities > IBM > Maximo Asset Management > 7.1.1.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-16 | CVE-2020-4409 | Open Redirect vulnerability in IBM products IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. | 5.8 |
| 2017-03-07 | CVE-2017-1124 | Information Exposure vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. | 1.9 |
| 2016-11-30 | CVE-2016-5987 | Improper Input Validation vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers construction of a runtime error message. | 5.0 |
| 2016-07-02 | CVE-2016-0399 | Cross-site Scripting vulnerability in IBM Maximo Asset Management Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.9 IFIX007, and 7.6 before 7.6.0.5 FP005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
| 2016-03-14 | CVE-2016-0262 | Cross-site Scripting vulnerability in IBM Maximo Asset Management Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1.1 through 7.1.1.3, 7.5.0 before 7.5.0.9 IFIX004, and 7.6.0 before 7.6.0.3 IFIX001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |