Vulnerabilities > IBM > Maximo Asset Management > 7.6.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-12 | CVE-2021-20509 | Injection vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. | 9.8 |
| 2021-05-19 | CVE-2021-20374 | Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.0/7.6.1 IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. | 5.4 |
| 2020-09-16 | CVE-2020-4409 | Open Redirect vulnerability in IBM products IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. | 8.2 |
| 2020-09-15 | CVE-2020-4526 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2020-09-15 | CVE-2020-4521 | Deserialization of Untrusted Data vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. | 8.8 |
| 2020-09-15 | CVE-2019-4671 | SQL Injection vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. | 6.3 |
| 2020-05-12 | CVE-2019-4478 | Unspecified vulnerability in IBM Maximo Asset Management 7.6.0.0/7.6.1/7.6.1.1 IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. | 6.5 |
| 2020-04-17 | CVE-2019-4446 | Unspecified vulnerability in IBM products IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. | 5.4 |
| 2019-11-20 | CVE-2019-4530 | Unspecified vulnerability in IBM Maximo Asset Management 7.6.0.0/7.6.1/7.6.1.1 IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. | 6.5 |
| 2018-10-05 | CVE-2018-1686 | Cross-site Scripting vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. | 5.4 |