Vulnerabilities > IBM > Maximo Asset Management > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-17 | CVE-2019-4749 | Cross-site Scripting vulnerability in IBM products IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 5.4 |
| 2020-04-17 | CVE-2019-4644 | Cross-site Scripting vulnerability in IBM products IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 6.1 |
| 2020-04-17 | CVE-2019-4446 | Unspecified vulnerability in IBM products IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. | 5.4 |
| 2020-02-24 | CVE-2019-4745 | Incorrect Authorization vulnerability in IBM products IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. | 4.3 |
| 2020-02-20 | CVE-2019-4583 | Information Exposure Through an Error Message vulnerability in IBM Maximo Asset Management 7.6.0.10/7.6.1.1 IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. | 4.3 |
| 2019-11-20 | CVE-2019-4530 | Unspecified vulnerability in IBM Maximo Asset Management 7.6.0.0/7.6.1/7.6.1.1 IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. | 6.5 |
| 2019-10-24 | CVE-2019-4486 | Cross-site Scripting vulnerability in IBM products IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 5.4 |
| 2019-10-09 | CVE-2019-4512 | Information Exposure Through an Error Message vulnerability in IBM products IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. | 4.3 |
| 2019-06-19 | CVE-2019-4303 | Cross-site Scripting vulnerability in IBM products IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 5.4 |
| 2019-06-06 | CVE-2019-4056 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM products IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. | 4.3 |