Vulnerabilities > IBM > Maximo Asset Management

DATE CVE VULNERABILITY TITLE RISK
2022-02-18 CVE-2021-38935 Weak Password Requirements vulnerability in IBM Maximo Asset Management 7.6.1.2
IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm CWE-521
7.5
2021-08-30 CVE-2021-29743 Cross-site Scripting vulnerability in IBM Maximo Application Suite and Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2021-08-27 CVE-2021-29744 Cross-site Scripting vulnerability in IBM Maximo Application Suite and Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2021-08-12 CVE-2021-20509 Injection vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection.
network
low complexity
ibm CWE-74
critical
9.8
2021-05-19 CVE-2021-20374 Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.0/7.6.1
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2020-10-05 CVE-2020-4493 Unspecified vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command.
network
low complexity
ibm
critical
9.8
2020-09-16 CVE-2020-4409 Open Redirect vulnerability in IBM products
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack.
network
low complexity
ibm CWE-601
8.2
2020-09-15 CVE-2020-4526 Cross-Site Request Forgery (CSRF) vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
4.3
2020-09-15 CVE-2020-4521 Deserialization of Untrusted Data vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java.
network
low complexity
ibm CWE-502
8.8
2020-09-15 CVE-2019-4671 SQL Injection vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
6.3