Vulnerabilities > IBM > Maximo Asset Management > 7.6.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-30 | CVE-2021-29743 | Cross-site Scripting vulnerability in IBM Maximo Application Suite and Maximo Asset Management IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. | 5.4 |
| 2021-08-12 | CVE-2021-20509 | Injection vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. | 9.8 |
| 2020-10-05 | CVE-2020-4493 | Unspecified vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. | 9.8 |
| 2020-09-16 | CVE-2020-4409 | Open Redirect vulnerability in IBM products IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. | 8.2 |
| 2020-09-15 | CVE-2020-4526 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2020-09-15 | CVE-2020-4521 | Deserialization of Untrusted Data vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java. | 8.8 |
| 2020-09-15 | CVE-2019-4671 | SQL Injection vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection. | 6.3 |
| 2020-07-13 | CVE-2019-4591 | Session Fixation vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. | 7.8 |
| 2020-06-08 | CVE-2020-4529 | Server-Side Request Forgery (SSRF) vulnerability in IBM Maximo Asset Management 7.6.0.0/7.6.1.0 IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). | 7.4 |
| 2020-02-24 | CVE-2019-4745 | Incorrect Authorization vulnerability in IBM products IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. | 4.3 |