Vulnerabilities > IBM > Maximo Asset Management > 7.6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-19 | CVE-2021-20374 | Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.0/7.6.1 IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. | 3.5 |
| 2020-09-16 | CVE-2020-4409 | Open Redirect vulnerability in IBM products IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. | 5.8 |
| 2020-09-15 | CVE-2020-4526 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2020-09-15 | CVE-2020-4521 | Deserialization of Untrusted Data vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. | 9.0 |
| 2020-09-15 | CVE-2019-4671 | SQL Injection vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. | 6.5 |
| 2020-04-17 | CVE-2019-4446 | Missing Authorization vulnerability in IBM products IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. | 5.5 |