Vulnerabilities > IBM > Medium

DATE CVE VULNERABILITY TITLE RISK
2013-10-01 CVE-2013-4017 SQL Injection vulnerability in IBM Maximo Asset Management
SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
6.5
6.5
2013-10-01 CVE-2013-4014 Cross-Site Scripting vulnerability in IBM Maximo Asset Management
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
4.3
4.3
2013-10-01 CVE-2013-4013 Unspecified vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
ibm
5.0
5.0
2013-10-01 CVE-2013-3973 SQL Injection vulnerability in IBM Maximo Asset Management
SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
6.5
6.5
2013-10-01 CVE-2013-3972 Information Exposure vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.
network
low complexity
ibm CWE-200
4.0
4.0
2013-10-01 CVE-2013-3971 Permissions, Privileges, and Access Controls vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3049.
network
low complexity
ibm CWE-264
4.0
4.0
2013-10-01 CVE-2013-3049 Unspecified vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3971.
network
low complexity
ibm
4.0
4.0
2013-10-01 CVE-2013-3047 Unspecified vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors.
network
low complexity
ibm
6.5
6.5
2013-10-01 CVE-2013-0451 SQL Injection vulnerability in IBM Maximo Asset Management
SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 through 7.1.1.12 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
ibm CWE-89
6.5
6.5
2013-10-01 CVE-2012-3323 Permissions, Privileges, and Access Controls vulnerability in IBM Maximo Asset Management
IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors.
network
ibm CWE-264
6.8
6.8