Vulnerabilities > IBM > Maximo FOR OIL AND GAS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-16 | CVE-2020-4409 | Open Redirect vulnerability in IBM products IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. | 5.8 |
| 2020-04-17 | CVE-2019-4749 | Cross-site Scripting vulnerability in IBM products IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 3.5 |
| 2020-04-17 | CVE-2019-4644 | Cross-site Scripting vulnerability in IBM products IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 4.3 |
| 2020-04-17 | CVE-2019-4446 | Missing Authorization vulnerability in IBM products IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. | 5.5 |
| 2020-02-24 | CVE-2019-4745 | Incorrect Authorization vulnerability in IBM products IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. | 4.0 |
| 2020-02-19 | CVE-2019-4429 | Cross-site Scripting vulnerability in IBM products IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. | 3.5 |
| 2020-02-18 | CVE-2013-3323 | Improper Privilege Management vulnerability in IBM products A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. | 6.8 |
| 2019-10-29 | CVE-2019-4546 | Improper Privilege Management vulnerability in IBM products After installing the IBM Maximo Health- Safety and Environment Manager 7.6.1, a user is granted additional privileges that they are not normally allowed to access. | 6.5 |
| 2019-10-24 | CVE-2019-4486 | Cross-site Scripting vulnerability in IBM products IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 3.5 |
| 2019-10-09 | CVE-2019-4512 | Information Exposure Through an Error Message vulnerability in IBM products IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. | 4.0 |