Vulnerabilities > IBM > Maximo Asset Management > 7.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-16 | CVE-2020-4409 | Open Redirect vulnerability in IBM products IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. | 8.2 |
| 2020-02-18 | CVE-2013-3323 | Improper Privilege Management vulnerability in IBM products A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. | 9.8 |
| 2018-03-27 | CVE-2015-5016 | Information Exposure vulnerability in IBM products IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. | 4.3 |
| 2017-12-13 | CVE-2017-1558 | Open Redirect vulnerability in IBM products IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |
| 2017-09-12 | CVE-2017-1352 | Command Injection vulnerability in IBM Maximo Asset Management 7.5/7.6 IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. | 5.5 |
| 2017-07-05 | CVE-2017-1208 | Cross-site Scripting vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. | 5.4 |
| 2017-07-05 | CVE-2017-1176 | Information Exposure vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. | 3.3 |
| 2017-07-05 | CVE-2017-1175 | SQL Injection vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. | 9.8 |
| 2017-06-13 | CVE-2016-9984 | Permissions, Privileges, and Access Controls vulnerability in IBM Maximo Asset Management 7.5/7.6 IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. | 8.8 |
| 2017-06-08 | CVE-2016-8987 | Information Exposure vulnerability in IBM Maximo Asset Management 7.1/7.5/7.6 IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view. | 4.3 |