Vulnerabilities > IBM > Maximo Asset Management

DATE CVE VULNERABILITY TITLE RISK
2021-08-30 CVE-2021-29743 Cross-site Scripting vulnerability in IBM Maximo Application Suite and Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2021-08-27 CVE-2021-29744 Cross-site Scripting vulnerability in IBM Maximo Application Suite and Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2021-08-12 CVE-2021-20509 Injection vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection.
network
low complexity
ibm CWE-74
critical
 9.8
9.8
2021-05-19 CVE-2021-20374 Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.0/7.6.1
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2020-10-05 CVE-2020-4493 Unspecified vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command.
network
low complexity
ibm
critical
 9.8
9.8
2020-09-16 CVE-2020-4409 Open Redirect vulnerability in IBM products
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack.
network
low complexity
ibm CWE-601
8.2
8.2
2020-09-15 CVE-2020-4526 Cross-Site Request Forgery (CSRF) vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
4.3
4.3
2020-09-15 CVE-2020-4521 Deserialization of Untrusted Data vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in Java.
network
low complexity
ibm CWE-502
8.8
8.8
2020-09-15 CVE-2019-4671 SQL Injection vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
6.3
6.3
2020-08-13 CVE-2019-4582 Path Traversal vulnerability in IBM Maximo Asset Management 7.6.0.0/7.6.0.1
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
4.3
4.3