Vulnerabilities > IBM > Maximo Asset Management > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-04-21 CVE-2022-22436 Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.1.2
IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2021-08-30 CVE-2021-29743 Cross-site Scripting vulnerability in IBM Maximo Application Suite and Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2021-08-27 CVE-2021-29744 Cross-site Scripting vulnerability in IBM Maximo Application Suite and Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2021-05-19 CVE-2021-20374 Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.0/7.6.1
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2020-09-15 CVE-2020-4526 Cross-Site Request Forgery (CSRF) vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
4.3
4.3
2020-09-15 CVE-2019-4671 SQL Injection vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
6.3
6.3
2020-08-13 CVE-2019-4582 Path Traversal vulnerability in IBM Maximo Asset Management 7.6.0.0/7.6.0.1
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
4.3
4.3
2020-06-26 CVE-2020-4223 Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.0.10/7.6.1.1
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2020-06-26 CVE-2019-4650 SQL Injection vulnerability in IBM Maximo Asset Management 7.6.1.1
IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
6.3
6.3
2020-05-12 CVE-2019-4478 Unspecified vulnerability in IBM Maximo Asset Management 7.6.0.0/7.6.1/7.6.1.1
IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to.
network
low complexity
ibm
6.5
6.5