Vulnerabilities > IBM > Maximo FOR OIL AND GAS

DATE CVE VULNERABILITY TITLE RISK
2019-06-19 CVE-2019-4364 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM products
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system.
network
low complexity
ibm CWE-1236
8.0
2019-06-19 CVE-2019-4303 Cross-site Scripting vulnerability in IBM products
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2019-06-06 CVE-2019-4056 Unrestricted Upload of File with Dangerous Type vulnerability in IBM products
IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files.
network
low complexity
ibm CWE-434
4.3
2019-06-06 CVE-2019-4048 Improper Privilege Management vulnerability in IBM products
IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine.
low complexity
ibm CWE-269
2.1
2019-06-06 CVE-2018-2028 Cleartext Storage of Sensitive Information vulnerability in IBM products
IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information.
network
low complexity
ibm CWE-312
6.5
2018-08-06 CVE-2018-1528 Information Exposure vulnerability in IBM products
IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API.
network
low complexity
ibm CWE-200
4.3
2018-08-03 CVE-2018-1524 Insecure Default Initialization of Resource vulnerability in IBM products
IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system.
network
low complexity
ibm CWE-1188
8.8
2018-03-27 CVE-2015-5016 Information Exposure vulnerability in IBM products
IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors.
network
low complexity
ibm CWE-200
4.3
2017-04-24 CVE-2015-0107 Path Traversal vulnerability in IBM products
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors.
network
low complexity
ibm CWE-22
6.5
2017-04-24 CVE-2015-0104 Improper Access Control vulnerability in IBM products
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors.
network
low complexity
ibm CWE-284
8.8