Vulnerabilities > IBM > Maximo Asset Management > 7.6.1.2

DATE CVE VULNERABILITY TITLE RISK
2022-08-26 CVE-2022-35714 Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.1.1/7.6.1.2
IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2022-05-03 CVE-2021-29854 Improper Encoding or Escaping of Output vulnerability in IBM Maximo Application Suite and Maximo Asset Management
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-116
7.2
2022-04-21 CVE-2022-22435 Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.1.2
IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2022-04-21 CVE-2022-22436 Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.1.2
IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2022-02-18 CVE-2021-38935 Weak Password Requirements vulnerability in IBM Maximo Asset Management 7.6.1.2
IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm CWE-521
7.5
2018-10-05 CVE-2018-1686 Cross-site Scripting vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2018-09-13 CVE-2018-1698 Information Exposure vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages.
network
low complexity
ibm CWE-200
5.3
2018-08-24 CVE-2018-1699 SQL Injection vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
8.8
2018-08-16 CVE-2018-1715 Cross-site Scripting vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2018-08-06 CVE-2018-1528 Information Exposure vulnerability in IBM products
IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API.
network
low complexity
ibm CWE-200
4.3