Vulnerabilities > IBM > Maximo Asset Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-05 | CVE-2018-1686 | Cross-site Scripting vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. | 3.5 |
| 2018-09-13 | CVE-2018-1698 | Information Exposure vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages. | 5.0 |
| 2018-08-24 | CVE-2018-1699 | SQL Injection vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. | 6.5 |
| 2018-08-16 | CVE-2018-1715 | Cross-site Scripting vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. | 3.5 |
| 2018-08-06 | CVE-2018-1528 | Information Exposure vulnerability in IBM products IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. | 4.0 |
| 2018-08-03 | CVE-2018-1524 | Insecure Default Initialization of Resource vulnerability in IBM products IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. | 9.0 |
| 2018-08-02 | CVE-2018-1554 | Cross-site Scripting vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 3.5 |
| 2018-03-27 | CVE-2015-5016 | Information Exposure vulnerability in IBM products IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. | 4.0 |
| 2018-02-22 | CVE-2018-1415 | Cross-site Scripting vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 3.5 |
| 2018-02-22 | CVE-2018-1414 | SQL Injection vulnerability in IBM products IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. | 6.5 |