Vulnerabilities > IBM > Maximo FOR Aviation > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-04-17 CVE-2019-4749 Cross-site Scripting vulnerability in IBM products
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2020-04-17 CVE-2019-4644 Cross-site Scripting vulnerability in IBM products
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2020-04-17 CVE-2019-4446 Unspecified vulnerability in IBM products
IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters.
network
low complexity
ibm
5.4
2020-02-24 CVE-2019-4745 Incorrect Authorization vulnerability in IBM products
IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL.
network
low complexity
ibm CWE-863
4.3
2020-02-19 CVE-2019-4429 Cross-site Scripting vulnerability in IBM products
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2019-10-24 CVE-2019-4486 Cross-site Scripting vulnerability in IBM products
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2019-10-09 CVE-2019-4512 Information Exposure Through an Error Message vulnerability in IBM products
IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system.
network
low complexity
ibm CWE-209
4.3
2019-06-19 CVE-2019-4303 Cross-site Scripting vulnerability in IBM products
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2019-06-06 CVE-2019-4056 Unrestricted Upload of File with Dangerous Type vulnerability in IBM products
IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files.
network
low complexity
ibm CWE-434
4.3
2019-06-06 CVE-2018-2028 Cleartext Storage of Sensitive Information vulnerability in IBM products
IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information.
network
low complexity
ibm CWE-312
6.5