Vulnerabilities > IBM > Maximo Asset Management > 7.6.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-13 | CVE-2018-1698 | Information Exposure vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages. | 5.0 |
| 2018-08-24 | CVE-2018-1699 | SQL Injection vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. | 6.5 |
| 2018-08-16 | CVE-2018-1715 | Cross-site Scripting vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. | 3.5 |
| 2018-08-06 | CVE-2018-1528 | Information Exposure vulnerability in IBM products IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. | 4.0 |
| 2018-08-03 | CVE-2018-1524 | Insecure Default Initialization of Resource vulnerability in IBM products IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. | 9.0 |
| 2018-08-02 | CVE-2018-1554 | Cross-site Scripting vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 3.5 |
| 2017-08-09 | CVE-2017-1357 | Improper Input Validation vulnerability in IBM products IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. | 4.0 |
| 2017-03-07 | CVE-2017-1124 | Information Exposure vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. | 1.9 |
| 2016-11-30 | CVE-2016-5987 | Improper Input Validation vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers construction of a runtime error message. | 5.0 |
| 2016-11-30 | CVE-2016-5905 | Cross-site Scripting vulnerability in IBM Maximo Asset Management Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |