Vulnerabilities > IBM > Maximo Asset Management > 7.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-05 | CVE-2018-1686 | Cross-site Scripting vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. | 5.4 |
| 2018-09-13 | CVE-2018-1698 | Information Exposure vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages. | 5.3 |
| 2018-08-24 | CVE-2018-1699 | SQL Injection vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. | 8.8 |
| 2018-03-27 | CVE-2015-5016 | Information Exposure vulnerability in IBM products IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. | 4.3 |
| 2017-12-13 | CVE-2017-1558 | Open Redirect vulnerability in IBM products IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |
| 2017-09-12 | CVE-2017-1352 | Command Injection vulnerability in IBM Maximo Asset Management 7.5/7.6 IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. | 5.5 |
| 2017-07-05 | CVE-2017-1208 | Cross-site Scripting vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. | 5.4 |
| 2017-07-05 | CVE-2017-1176 | Information Exposure vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. | 3.3 |
| 2017-07-05 | CVE-2017-1175 | SQL Injection vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. | 9.8 |
| 2017-06-13 | CVE-2016-9984 | Permissions, Privileges, and Access Controls vulnerability in IBM Maximo Asset Management 7.5/7.6 IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. | 8.8 |