Vulnerabilities > IBM > Maximo FOR Aviation > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-08-06 CVE-2018-1528 Information Exposure vulnerability in IBM products
IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API.
network
low complexity
ibm CWE-200
4.3
2018-03-27 CVE-2015-5016 Information Exposure vulnerability in IBM products
IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors.
network
low complexity
ibm CWE-200
4.3
2017-02-08 CVE-2016-5902 Cross-site Scripting vulnerability in IBM products
IBM Maximo Asset Management is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2017-02-01 CVE-2016-6072 Cross-site Scripting vulnerability in IBM products
IBM Maximo Asset Management is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-5896 Information Exposure vulnerability in IBM products
IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser.
network
low complexity
ibm CWE-200
5.3