Vulnerabilities > IBM > Maximo Asset Management > 7.1.2

DATE CVE VULNERABILITY TITLE RISK
2020-09-16 CVE-2020-4409 Open Redirect vulnerability in IBM products
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack.
network
low complexity
ibm CWE-601
8.2
8.2
2017-03-07 CVE-2017-1124 Information Exposure vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection.
local
high complexity
ibm CWE-200
2.9
2.9
2016-11-30 CVE-2016-5987 Improper Input Validation vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers construction of a runtime error message.
network
low complexity
ibm CWE-20
5.3
5.3
2016-07-02 CVE-2016-0399 Cross-site Scripting vulnerability in IBM Maximo Asset Management
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.9 IFIX007, and 7.6 before 7.6.0.5 FP005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
5.4