Vulnerabilities > IBM > Maximo FOR Life Sciences > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-08-06 CVE-2018-1528 Information Exposure vulnerability in IBM products
IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API.
network
low complexity
ibm CWE-200
4.3
2018-03-27 CVE-2015-5016 Information Exposure vulnerability in IBM products
IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors.
network
low complexity
ibm CWE-200
4.3
2017-04-24 CVE-2015-0107 Path Traversal vulnerability in IBM products
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors.
network
low complexity
ibm CWE-22
6.5
2017-02-08 CVE-2016-5902 Cross-site Scripting vulnerability in IBM products
IBM Maximo Asset Management is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
2017-02-01 CVE-2016-6072 Cross-site Scripting vulnerability in IBM products
IBM Maximo Asset Management is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-5896 Information Exposure vulnerability in IBM products
IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser.
network
low complexity
ibm CWE-200
5.3
2016-03-14 CVE-2016-0222 Improper Access Control vulnerability in IBM products
IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors.
network
low complexity
ibm CWE-284
4.3
2016-03-12 CVE-2015-7448 SQL Injection vulnerability in IBM products
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
5.4
2016-01-27 CVE-2015-7487 Information Exposure vulnerability in IBM products
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files.
local
high complexity
ibm CWE-200
4.1
2016-01-03 CVE-2015-5051 Permissions, Privileges, and Access Controls vulnerability in IBM products
IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors.
network
low complexity
ibm CWE-264
4.3