Vulnerabilities > IBM > Maximo Asset Management

DATE CVE VULNERABILITY TITLE RISK
2020-07-29 CVE-2020-4463 XXE vulnerability in IBM Maximo Asset Management 7.6.0.1/7.6.0.2
IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.2
8.2
2020-07-13 CVE-2019-4591 Session Fixation vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system.
local
low complexity
ibm CWE-384
7.8
7.8
2020-06-26 CVE-2020-4223 Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.0.10/7.6.1.1
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2020-06-26 CVE-2019-4650 SQL Injection vulnerability in IBM Maximo Asset Management 7.6.1.1
IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
6.3
6.3
2020-06-08 CVE-2020-4529 Server-Side Request Forgery (SSRF) vulnerability in IBM Maximo Asset Management 7.6.0.0/7.6.1.0
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF).
network
low complexity
ibm CWE-918
7.4
7.4
2020-05-12 CVE-2019-4478 Unspecified vulnerability in IBM Maximo Asset Management 7.6.0.0/7.6.1/7.6.1.1
IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to.
network
low complexity
ibm
6.5
6.5
2020-04-17 CVE-2019-4749 Cross-site Scripting vulnerability in IBM products
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2020-04-17 CVE-2019-4644 Cross-site Scripting vulnerability in IBM products
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1
2020-04-17 CVE-2019-4446 Unspecified vulnerability in IBM products
IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters.
network
low complexity
ibm
5.4
5.4
2020-02-24 CVE-2019-4745 Incorrect Authorization vulnerability in IBM products
IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL.
network
low complexity
ibm CWE-863
4.3
4.3