Search Results (Refine Search)
- CPE Product Version: cpe:/a:ibm:maximo_asset_management:7.1.1.8
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-4765 |
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message. Published: October 01, 2014; 8:55:03 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-3084 |
IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2.8, 7.1, and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended write-access restrictions on calendar entries via unspecified vectors. Published: August 29, 2014; 5:55:07 AM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2014-3024 |
Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 through 7.5.0.6 and Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk allows remote authenticated users to hijack the authentication of arbitrary users. Published: August 29, 2014; 5:55:07 AM -0400 |
V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2014-3025 |
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via unspecified input to a .jsp file under webclient/utility/. Published: July 30, 2014; 7:15:33 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-0915 |
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.2, and 7.2 for Tivoli Asset Management for IT and certain other products allow remote authenticated users to inject arbitrary web script or HTML via (1) the KPI display name field or (2) a portlet field. Published: July 30, 2014; 7:15:33 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-0914 |
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management for IT and Maximo Service Desk allows remote authenticated users to inject arbitrary web script or HTML via the Query Description Field. Published: July 30, 2014; 7:15:33 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-0849 |
IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups. Published: May 26, 2014; 12:55:03 PM -0400 |
V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2014-0825 |
Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter. Published: May 26, 2014; 12:55:03 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-0824 |
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via an attachment URL. Published: May 26, 2014; 12:55:03 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2013-5460 |
IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and read communication logs associated with unrelated records, via unspecified vectors. Published: May 26, 2014; 12:55:02 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2013-2998 |
frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code. Published: May 26, 2014; 7:14:51 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2012-3333 |
CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter in a URL. Published: May 26, 2014; 7:14:51 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-5402 |
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Published: December 18, 2013; 11:04:33 AM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2013-5395 |
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to bypass intended access restrictions via unspecified vectors. Published: October 01, 2013; 7:14:44 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-5383 |
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5382. Published: October 01, 2013; 7:14:44 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2013-5382 |
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5383. Published: October 01, 2013; 7:14:44 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2013-5381 |
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to gain privileges via unspecified vectors. Published: October 01, 2013; 7:14:44 AM -0400 |
V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2013-5380 |
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows local users to obtain sensitive information via unspecified vectors. Published: October 01, 2013; 7:14:44 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-4027 |
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. Published: October 01, 2013; 7:14:44 AM -0400 |
V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2013-4021 |
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to conduct unspecified file-inclusion attacks via unknown vectors. Published: October 01, 2013; 7:14:44 AM -0400 |
V3.x:(not available) V2.0: 6.5 MEDIUM |