Vulnerabilities > IBM > Maximo Asset Management > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-06 | CVE-2018-2028 | Cleartext Storage of Sensitive Information vulnerability in IBM products IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. | 6.5 |
| 2018-12-05 | CVE-2018-1697 | Information Exposure vulnerability in IBM Maximo Asset Management 7.6 IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request. | 4.3 |
| 2018-11-28 | CVE-2018-1584 | Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6 IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 5.4 |
| 2018-11-09 | CVE-2018-1872 | Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6 IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 5.4 |
| 2018-10-05 | CVE-2018-1686 | Cross-site Scripting vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. | 5.4 |
| 2018-09-13 | CVE-2018-1698 | Information Exposure vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages. | 5.3 |
| 2018-08-16 | CVE-2018-1715 | Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.1.2/7.6.1.3 IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. | 5.4 |
| 2018-08-06 | CVE-2018-1528 | Information Exposure vulnerability in IBM products IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. | 4.3 |
| 2018-08-02 | CVE-2018-1554 | Cross-site Scripting vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 5.4 |
| 2018-03-27 | CVE-2015-5016 | Information Exposure vulnerability in IBM products IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. | 4.3 |