Vulnerabilities > IBM > Maximo Asset Management > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-01-19 CVE-2023-32337 Server-Side Request Forgery (SSRF) vulnerability in IBM Maximo Application Suite and Maximo Asset Management
IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
5.4
5.4
2023-09-08 CVE-2023-32332 Cross-site Scripting vulnerability in IBM Maximo Application Suite and Maximo Asset Management
IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection.
network
low complexity
ibm CWE-79
5.4
5.4
2023-06-05 CVE-2023-32334 Unspecified vulnerability in IBM Maximo Application Suite and Maximo Asset Management
IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8.0 stores sensitive information in URL parameters.
network
low complexity
ibm
5.3
5.3
2023-05-05 CVE-2022-43866 Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.1.2/7.6.1.3
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2023-04-28 CVE-2023-27864 Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.1.2/7.6.1.3
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection.
network
low complexity
ibm CWE-79
5.4
5.4
2023-04-27 CVE-2023-27860 Information Exposure Through an Error Message vulnerability in IBM Maximo Asset Management 7.6.1.2/7.6.1.3
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message.
network
low complexity
ibm CWE-209
5.3
5.3
2023-03-02 CVE-2022-35645 Cross-site Scripting vulnerability in IBM Maximo Application Suite and Maximo Asset Management
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2022-05-03 CVE-2021-29854 Improper Encoding or Escaping of Output vulnerability in IBM Maximo Application Suite and Maximo Asset Management
IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
ibm CWE-116
4.3
4.3
2022-02-18 CVE-2021-38935 Weak Password Requirements vulnerability in IBM Maximo Asset Management 7.6.1.2
IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
network
low complexity
ibm CWE-521
5.0
5.0
2020-09-16 CVE-2020-4409 Open Redirect vulnerability in IBM products
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack.
network
ibm CWE-601
5.8
5.8