Vulnerabilities > IBM > Maximo Asset Management > 7.6.1.1

DATE CVE VULNERABILITY TITLE RISK
2020-09-15 CVE-2019-4671 SQL Injection vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
6.5
6.5
2020-06-26 CVE-2020-4223 Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.0.10/7.6.1.1
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2020-06-26 CVE-2019-4650 SQL Injection vulnerability in IBM Maximo Asset Management 7.6.1.1
IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. 		6.5
6.5
2020-05-12 CVE-2019-4478 Information Exposure vulnerability in IBM Maximo Asset Management 7.6.0.0/7.6.1/7.6.1.1
IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to.
network
low complexity
ibm CWE-200
4.0
4.0
2020-04-17 CVE-2019-4749 Cross-site Scripting vulnerability in IBM products
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2020-04-17 CVE-2019-4644 Cross-site Scripting vulnerability in IBM products
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
4.3
2020-04-17 CVE-2019-4446 Missing Authorization vulnerability in IBM products
IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters.
network
low complexity
ibm CWE-862
5.5
5.5
2020-02-20 CVE-2019-4583 Information Exposure Through an Error Message vulnerability in IBM Maximo Asset Management 7.6.0.10/7.6.1.1
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks.
network
low complexity
ibm CWE-209
4.0
4.0
2019-11-20 CVE-2019-4530 Unspecified vulnerability in IBM Maximo Asset Management 7.6.0.0/7.6.1/7.6.1.1
IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to.
network
low complexity
ibm
5.5
5.5
2019-10-09 CVE-2019-4512 Information Exposure Through an Error Message vulnerability in IBM products
IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system.
network
low complexity
ibm CWE-209
4.0
4.0