Vulnerabilities > IBM > Maximo Asset Management > 7.6.1.1

DATE CVE VULNERABILITY TITLE RISK
2020-09-15 CVE-2020-4526 Cross-Site Request Forgery (CSRF) vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
4.3
4.3
2020-09-15 CVE-2020-4521 Deserialization of Untrusted Data vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java.
network
low complexity
ibm CWE-502
8.8
8.8
2020-09-15 CVE-2019-4671 SQL Injection vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
6.3
6.3
2020-06-26 CVE-2020-4223 Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.0.10/7.6.1.1
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2020-06-26 CVE-2019-4650 SQL Injection vulnerability in IBM Maximo Asset Management 7.6.1.1
IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
6.3
6.3
2020-05-12 CVE-2019-4478 Unspecified vulnerability in IBM Maximo Asset Management 7.6.0.0/7.6.1/7.6.1.1
IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to.
network
low complexity
ibm
6.5
6.5
2020-04-17 CVE-2019-4749 Cross-site Scripting vulnerability in IBM products
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2020-04-17 CVE-2019-4644 Cross-site Scripting vulnerability in IBM products
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1
2020-04-17 CVE-2019-4446 Unspecified vulnerability in IBM products
IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters.
network
low complexity
ibm
5.4
5.4
2020-02-20 CVE-2019-4583 Information Exposure Through an Error Message vulnerability in IBM Maximo Asset Management 7.6.0.10/7.6.1.1
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks.
network
low complexity
ibm CWE-209
4.3
4.3