Vulnerabilites related to ibm - control_desk
Vulnerability from fkie_nvd
Published
2020-04-17 14:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/170880 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6191583 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/170880 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6191583 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7D6830-74DA-4524-8177-54CB2667A54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7C8399-A024-45CE-A2CD-658A2D99ABDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "830412EF-C21D-4455-9396-06222B32F61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6B9EA821-8DC7-4D08-B516-CA8D0692DD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31FDF238-C29E-4F15-AB54-C90226BC0A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_health_insights:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA8E3FBA-9DBB-487E-99AD-5E1119150D73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_health_insights:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4989C34-4B4E-4E53-A13E-13667DCBB19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DDD061C9-2D80-48CF-B660-68948B03F3C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28402BF3-15EC-41F5-AD53-EC196CF3F345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "81A99155-0D86-4998-AC74-2FECE3AF277F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69E511EF-7DE6-42CA-848C-E0FF2D04AB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5021AA5-A4D4-4E5F-85A8-CFF038EBD9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B80B0192-3ECE-4B44-B060-F6CE54A744C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_calibration:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "768BB000-6ED2-4289-8BCA-66981EC95BB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_enterprise_adapter:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A20FB3-C352-4F5C-BD5A-5814BBA837DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_enterprise_adapter:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C2AB76-29C5-46BD-ABAD-37913D3A4675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_equipment_maintenance_assistant:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEED2F57-E98D-479E-8303-2188AFA0C70B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4317DA0E-678D-468F-8BE4-8BA20C01C588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB202BE-FF6E-49AC-84FF-F454361E5D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C05DA047-26F7-413E-8259-5F88C08AE2B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "532219AE-9F4D-49B0-A625-A690C9E8A7DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "160EE7B0-4F54-41F7-9266-C22776783BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19405179-FDEF-4207-B12F-C39D49B49F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FBE6121-5166-4C7A-B4BA-4D5F46720EC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F66129CF-729D-4120-912E-E8109CF1E237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDF6664-537E-4CF8-9CCA-7C4746DE9B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F416A57-7B00-411D-B2D5-5BCB434568DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73EEADC8-01D0-4D80-83E4-1643603485CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45C84F5F-C612-4A0A-AD91-A4335496E934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C32832CB-63FC-4F9E-81A4-3A8CE2F98319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F86AC-2C39-42DC-83EF-3BA2DBF99A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_network_on_blockchain:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6CFC29-9FD2-4BE5-9A66-6FA6F94C0D7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_network_on_blockchain:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BC0DF05-9B84-45B8-924E-E4CB672F7C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D799591-F5D0-4B17-AE32-ABED616A65AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "095BBF20-1C8F-4FBC-8D72-3A3DB5A3F68F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B3B2C5-E8D0-48A1-9837-40A627D7E742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8E59EA84-F607-404B-A392-7D68C5672B1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "21C989DE-2E87-4941-B0DA-9381964E2292",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management versi\u00f3n 7.6, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista, conllevando a una divulgaci\u00f3n de credenciales en una sesi\u00f3n confiable. IBM X-Force ID: 170880."
}
],
"id": "CVE-2019-4644",
"lastModified": "2024-11-21T04:43:54.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-17T14:15:17.833",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170880"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6191583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170880"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6191583"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-19 14:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/108910 | Broken Link, Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/161680 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10887557 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108910 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/161680 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10887557 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | maximo_asset_management | 7.6 | |
| ibm | control_desk | 7.6.0 | |
| ibm | control_desk | 7.6.0.1 | |
| ibm | maximo_for_aviation | 7.6 | |
| ibm | maximo_for_aviation | 7.6.1 | |
| ibm | maximo_for_aviation | 7.6.2 | |
| ibm | maximo_for_aviation | 7.6.2.1 | |
| ibm | maximo_for_aviation | 7.6.3 | |
| ibm | maximo_for_life_sciences | 7.6 | |
| ibm | maximo_for_nuclear_power | 7.6.0 | |
| ibm | maximo_for_oil_and_gas | 7.6.0 | |
| ibm | maximo_for_transportation | 7.6.1 | |
| ibm | maximo_for_transportation | 7.6.2 | |
| ibm | maximo_for_transportation | 7.6.2.1 | |
| ibm | maximo_for_transportation | 7.6.2.2 | |
| ibm | maximo_for_transportation | 7.6.2.3 | |
| ibm | maximo_for_transportation | 7.6.2.4 | |
| ibm | maximo_for_utilities | 7.6 | |
| ibm | smartcloud_control_desk | - | |
| ibm | tivoli_integration_composer | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management versi\u00f3n 7.6 es vulnerable a la inyecci\u00f3n de CSV, lo que podr\u00eda permitir que un atacante remoto autenticado ejecute comandos arbitrarios en el sistema. ID de IBM X-Force: 161680."
}
],
"id": "CVE-2019-4364",
"lastModified": "2024-11-21T04:43:30.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-19T14:15:11.020",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108910"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-27 17:29
Modified
2024-11-21 02:32
Severity ?
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21971160 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/106460 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21971160 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/106460 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE721CF9-0F75-410B-A0F4-542041E25925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85457F6C-80FE-4E9F-BAB6-58B0485D8B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "598EAB6C-7D41-46FE-BB32-D31014CA01D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FE69C7-D7C4-4707-B3EF-AC290F2CF92D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8673B0-D385-467A-A60C-90A436C976D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4908AC9D-7410-47A6-BC46-5587C60061A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796CF9E-0065-4DE2-8C7A-22EB76F65E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75C69BA7-055F-446B-9E76-398D57680BA0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F780ADF-3151-4B2C-98B9-7FFD0DB47A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4367602D-5736-459D-82C1-099CD484F2FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7759191C-5D16-4937-BC80-5A47FE4F9DD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B315997-8DD3-4244-B292-68568FB82CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "360D781D-AD52-4309-A484-2150B10DFB02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "764D9D95-26A8-441E-95E1-55C9CDEA59BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "012787EB-E7F0-4CAD-B406-6057A7F6F14F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1480E9F7-9CA1-4F8D-977F-0F13594D0D36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "33E903B1-43FE-4120-95E1-2108B630D49B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6282F8E2-9EFD-4CBE-8732-22659413B149",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "013D299A-6A9C-44C7-B49C-A4115F4C13E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_asset_management_for_it:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5C1BCF-1DC0-45E7-B624-9221F8610346",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "235AE987-A109-4996-B43A-38C1BE23F37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_service_request_manager:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "95FF438A-31FC-44DD-AC14-C9332F0B0A3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF3DBFF-A377-4147-A6EB-BEC6F38FD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:change_and_configuration_management_database:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83470AC7-A06B-4443-9E60-B0AA18B69AC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management 7.1, 7.5 y 7.6; Maximo Asset Management Essentials 7.1 y 7.5; Control Desk 7.5 y 7.6; Tivoli Asset Management for IT 7.1 y 7.2; as\u00ed como otros productos de IBM permiten que usuarios autenticados remotos omitan las restricciones de acceso previstas y lean entradas del registro de tareas de tickets arbitrarias mediante vectores sin especificar. IBM X-Force ID: 106460."
}
],
"id": "CVE-2015-5016",
"lastModified": "2024-11-21T02:32:11.047",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-27T17:29:00.337",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-13 21:15
Modified
2024-11-21 06:46
Severity ?
Summary
IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 219124.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/219124 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6619739 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/219124 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6619739 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | control_desk | 7.6.0 | |
| ibm | control_desk | 7.6.0.1 | |
| ibm | control_desk | 7.6.1 | |
| ibm | control_desk | 7.6.1.1 | |
| ibm | control_desk | 7.6.1.2 | |
| ibm | control_desk | 7.6.1.3 | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7D6830-74DA-4524-8177-54CB2667A54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7C8399-A024-45CE-A2CD-658A2D99ABDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE5B811F-F8E6-4EE0-8498-0286367AEC99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5000CCDD-F13A-4642-8469-4219CF6DB5F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 219124."
},
{
"lang": "es",
"value": "IBM Control Desk versi\u00f3n 7.6.1, no establece el atributo de seguridad en los tokens de autorizaci\u00f3n o las cookies de sesi\u00f3n. Los atacantes pueden ser capaces de obtener los valores de la cookie mediante el env\u00edo de un enlace http:// a un usuario o plantando este enlace en un sitio al que el usuario vaya. La cookie ser\u00e1 enviada al enlace no seguro y el atacante podr\u00e1 entonces obtener el valor de la cookie al espiar el tr\u00e1fico. IBM X-Force ID: 219124"
}
],
"id": "CVE-2022-22329",
"lastModified": "2024-11-21T06:46:39.167",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-13T21:15:08.977",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/219124"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6619739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/219124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6619739"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-17 14:15
Modified
2024-11-21 04:44
Severity ?
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/173308 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6193479 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/173308 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6193479 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7D6830-74DA-4524-8177-54CB2667A54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7C8399-A024-45CE-A2CD-658A2D99ABDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "830412EF-C21D-4455-9396-06222B32F61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6B9EA821-8DC7-4D08-B516-CA8D0692DD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31FDF238-C29E-4F15-AB54-C90226BC0A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_health_insights:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA8E3FBA-9DBB-487E-99AD-5E1119150D73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_health_insights:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4989C34-4B4E-4E53-A13E-13667DCBB19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DDD061C9-2D80-48CF-B660-68948B03F3C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28402BF3-15EC-41F5-AD53-EC196CF3F345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "81A99155-0D86-4998-AC74-2FECE3AF277F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69E511EF-7DE6-42CA-848C-E0FF2D04AB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5021AA5-A4D4-4E5F-85A8-CFF038EBD9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B80B0192-3ECE-4B44-B060-F6CE54A744C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_calibration:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "768BB000-6ED2-4289-8BCA-66981EC95BB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_enterprise_adapter:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A20FB3-C352-4F5C-BD5A-5814BBA837DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_enterprise_adapter:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C2AB76-29C5-46BD-ABAD-37913D3A4675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_equipment_maintenance_assistant:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEED2F57-E98D-479E-8303-2188AFA0C70B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4317DA0E-678D-468F-8BE4-8BA20C01C588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB202BE-FF6E-49AC-84FF-F454361E5D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C05DA047-26F7-413E-8259-5F88C08AE2B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "532219AE-9F4D-49B0-A625-A690C9E8A7DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "160EE7B0-4F54-41F7-9266-C22776783BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19405179-FDEF-4207-B12F-C39D49B49F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FBE6121-5166-4C7A-B4BA-4D5F46720EC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F66129CF-729D-4120-912E-E8109CF1E237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDF6664-537E-4CF8-9CCA-7C4746DE9B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F416A57-7B00-411D-B2D5-5BCB434568DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73EEADC8-01D0-4D80-83E4-1643603485CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45C84F5F-C612-4A0A-AD91-A4335496E934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C32832CB-63FC-4F9E-81A4-3A8CE2F98319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F86AC-2C39-42DC-83EF-3BA2DBF99A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_network_on_blockchain:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6CFC29-9FD2-4BE5-9A66-6FA6F94C0D7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_network_on_blockchain:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BC0DF05-9B84-45B8-924E-E4CB672F7C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D799591-F5D0-4B17-AE32-ABED616A65AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "095BBF20-1C8F-4FBC-8D72-3A3DB5A3F68F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B3B2C5-E8D0-48A1-9837-40A627D7E742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8E59EA84-F607-404B-A392-7D68C5672B1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "797807D9-2137-414A-BB28-46DBC0288161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8708C64F-7940-46E7-94FB-1D1CF3B864B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management versi\u00f3n 7.6, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista, conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. IBM X-Force ID: 173308."
}
],
"id": "CVE-2019-4749",
"lastModified": "2024-11-21T04:44:06.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-17T14:15:17.957",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173308"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6193479"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6193479"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-17 14:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/163490 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6190215 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/163490 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6190215 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7D6830-74DA-4524-8177-54CB2667A54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7C8399-A024-45CE-A2CD-658A2D99ABDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "830412EF-C21D-4455-9396-06222B32F61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6B9EA821-8DC7-4D08-B516-CA8D0692DD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31FDF238-C29E-4F15-AB54-C90226BC0A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_health_insights:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA8E3FBA-9DBB-487E-99AD-5E1119150D73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_health_insights:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4989C34-4B4E-4E53-A13E-13667DCBB19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA9420-81DA-46BA-9E9D-839E226C868F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30EAD1D0-E949-488E-81BE-0C49C0E93757",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DDD061C9-2D80-48CF-B660-68948B03F3C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28402BF3-15EC-41F5-AD53-EC196CF3F345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "81A99155-0D86-4998-AC74-2FECE3AF277F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69E511EF-7DE6-42CA-848C-E0FF2D04AB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5021AA5-A4D4-4E5F-85A8-CFF038EBD9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B80B0192-3ECE-4B44-B060-F6CE54A744C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_calibration:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "768BB000-6ED2-4289-8BCA-66981EC95BB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_enterprise_adapter:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A20FB3-C352-4F5C-BD5A-5814BBA837DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_enterprise_adapter:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C2AB76-29C5-46BD-ABAD-37913D3A4675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_equipment_maintenance_assistant_on-premises:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28507169-71F2-4F97-BC1D-3A7935290762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4317DA0E-678D-468F-8BE4-8BA20C01C588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB202BE-FF6E-49AC-84FF-F454361E5D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C05DA047-26F7-413E-8259-5F88C08AE2B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "532219AE-9F4D-49B0-A625-A690C9E8A7DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "160EE7B0-4F54-41F7-9266-C22776783BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19405179-FDEF-4207-B12F-C39D49B49F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FBE6121-5166-4C7A-B4BA-4D5F46720EC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F66129CF-729D-4120-912E-E8109CF1E237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDF6664-537E-4CF8-9CCA-7C4746DE9B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F416A57-7B00-411D-B2D5-5BCB434568DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73EEADC8-01D0-4D80-83E4-1643603485CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45C84F5F-C612-4A0A-AD91-A4335496E934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C32832CB-63FC-4F9E-81A4-3A8CE2F98319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F86AC-2C39-42DC-83EF-3BA2DBF99A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_network_on_blockchain:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6CFC29-9FD2-4BE5-9A66-6FA6F94C0D7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_network_on_blockchain:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BC0DF05-9B84-45B8-924E-E4CB672F7C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "21C989DE-2E87-4941-B0DA-9381964E2292",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management versi\u00f3n 7.6, podr\u00eda permitir a un usuario autentificado realizar acciones a las que no est\u00e1 autorizado al modificar los par\u00e1metros de petici\u00f3n. IBM X-Force ID: 163490."
}
],
"id": "CVE-2019-4446",
"lastModified": "2024-11-21T04:43:37.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-17T14:15:17.507",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163490"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6190215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6190215"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-06 01:29
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/156565 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10880149 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/156565 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10880149 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | control_desk | 7.6.0 | |
| ibm | control_desk | 7.6.0.1 | |
| ibm | maximo_asset_management | 7.6 | |
| ibm | maximo_for_aviation | 7.6 | |
| ibm | maximo_for_aviation | 7.6.1 | |
| ibm | maximo_for_aviation | 7.6.2 | |
| ibm | maximo_for_aviation | 7.6.2.1 | |
| ibm | maximo_for_aviation | 7.6.3 | |
| ibm | maximo_for_life_sciences | 7.6 | |
| ibm | maximo_for_nuclear_power | 7.6.0 | |
| ibm | maximo_for_oil_and_gas | 7.6.0 | |
| ibm | maximo_for_transportation | 7.6.1 | |
| ibm | maximo_for_transportation | 7.6.2 | |
| ibm | maximo_for_transportation | 7.6.2.1 | |
| ibm | maximo_for_transportation | 7.6.2.2 | |
| ibm | maximo_for_transportation | 7.6.2.3 | |
| ibm | maximo_for_transportation | 7.6.2.4 | |
| ibm | maximo_for_utilities | 7.6 | |
| ibm | smartcloud_control_desk | - | |
| ibm | tivoli_integration_composer | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 Work Centers\u0027 application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n Work Center de IBM Maximo Asset Management versi\u00f3n 7.6 no comprueba el tipo de archivo en la carga, lo que permite a los atacantes cargar archivos maliciosos. ID de IBM X-Force: 156565."
}
],
"id": "CVE-2019-4056",
"lastModified": "2024-11-21T04:43:05.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-06T01:29:00.337",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156565"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-13 21:15
Modified
2024-11-21 06:46
Severity ?
Summary
IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 219126.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/219126 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6619739 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/219126 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6619739 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | control_desk | 7.6.0 | |
| ibm | control_desk | 7.6.0.1 | |
| ibm | control_desk | 7.6.1 | |
| ibm | control_desk | 7.6.1.1 | |
| ibm | control_desk | 7.6.1.2 | |
| ibm | control_desk | 7.6.1.3 | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7D6830-74DA-4524-8177-54CB2667A54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7C8399-A024-45CE-A2CD-658A2D99ABDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE5B811F-F8E6-4EE0-8498-0286367AEC99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5000CCDD-F13A-4642-8469-4219CF6DB5F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 219126."
},
{
"lang": "es",
"value": "IBM Control Desk versi\u00f3n 7.6.1, podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n confidencial, causada por el fallo en la configuraci\u00f3n del flag HTTPOnly. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para obtener informaci\u00f3n confidencial de la cookie. IBM X-Force ID: 219126"
}
],
"id": "CVE-2022-22330",
"lastModified": "2024-11-21T06:46:39.287",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-13T21:15:09.040",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/219126"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6619739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/219126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6619739"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-09 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/164554 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1075413 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/164554 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1075413 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | maximo_asset_management | 7.6.1.1 | |
| ibm | control_desk | 7.6.0 | |
| ibm | control_desk | 7.6.0.1 | |
| ibm | maximo_for_aviation | 7.6 | |
| ibm | maximo_for_aviation | 7.6.1 | |
| ibm | maximo_for_aviation | 7.6.2 | |
| ibm | maximo_for_aviation | 7.6.2.1 | |
| ibm | maximo_for_aviation | 7.6.3 | |
| ibm | maximo_for_life_sciences | 7.6 | |
| ibm | maximo_for_nuclear_power | 7.6.0 | |
| ibm | maximo_for_oil_and_gas | 7.6.0 | |
| ibm | maximo_for_transportation | 7.6.1 | |
| ibm | maximo_for_transportation | 7.6.2 | |
| ibm | maximo_for_transportation | 7.6.2.1 | |
| ibm | maximo_for_transportation | 7.6.2.2 | |
| ibm | maximo_for_transportation | 7.6.2.3 | |
| ibm | maximo_for_transportation | 7.6.2.4 | |
| ibm | maximo_for_utilities | 7.6 | |
| ibm | smartcloud_control_desk | - | |
| ibm | tivoli_integration_composer | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C5CE3F4-8ABE-4245-BD9E-8697B3E0171C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management versi\u00f3n 7.6.1.1, genera un mensaje de error que incluye informaci\u00f3n confidencial que podr\u00eda ser usada en futuros ataques contra el sistema. ID de IBM X-Force: 164554."
}
],
"id": "CVE-2019-4512",
"lastModified": "2024-11-21T04:43:40.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-09T16:15:16.267",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1075413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1075413"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-16 16:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/179537 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6333091 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/179537 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6333091 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7D6830-74DA-4524-8177-54CB2667A54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7C8399-A024-45CE-A2CD-658A2D99ABDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "830412EF-C21D-4455-9396-06222B32F61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6B9EA821-8DC7-4D08-B516-CA8D0692DD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_configuration_manager:7.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31FDF238-C29E-4F15-AB54-C90226BC0A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_health_insights:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA8E3FBA-9DBB-487E-99AD-5E1119150D73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_health_insights:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4989C34-4B4E-4E53-A13E-13667DCBB19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63D81A1F-4A22-4DAD-B5BE-EA825DF9C4CB",
"versionEndExcluding": "7.6.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DDD061C9-2D80-48CF-B660-68948B03F3C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28402BF3-15EC-41F5-AD53-EC196CF3F345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler:7.6.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "81A99155-0D86-4998-AC74-2FECE3AF277F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "69E511EF-7DE6-42CA-848C-E0FF2D04AB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5021AA5-A4D4-4E5F-85A8-CFF038EBD9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management_scheduler_plus:7.6.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B80B0192-3ECE-4B44-B060-F6CE54A744C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_calibration:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "768BB000-6ED2-4289-8BCA-66981EC95BB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_enterprise_adapter:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A20FB3-C352-4F5C-BD5A-5814BBA837DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_enterprise_adapter:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C2AB76-29C5-46BD-ABAD-37913D3A4675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_equipment_maintenance_assistant:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEED2F57-E98D-479E-8303-2188AFA0C70B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4317DA0E-678D-468F-8BE4-8BA20C01C588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB202BE-FF6E-49AC-84FF-F454361E5D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C05DA047-26F7-413E-8259-5F88C08AE2B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "532219AE-9F4D-49B0-A625-A690C9E8A7DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "160EE7B0-4F54-41F7-9266-C22776783BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19405179-FDEF-4207-B12F-C39D49B49F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9FBE6121-5166-4C7A-B4BA-4D5F46720EC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_service_providers:7.6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F66129CF-729D-4120-912E-E8109CF1E237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDF6664-537E-4CF8-9CCA-7C4746DE9B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F416A57-7B00-411D-B2D5-5BCB434568DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73EEADC8-01D0-4D80-83E4-1643603485CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7240562-D72E-4D3E-B392-3FB870320B60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C32832CB-63FC-4F9E-81A4-3A8CE2F98319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_linear_asset_manager:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F86AC-2C39-42DC-83EF-3BA2DBF99A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_network_on_blockchain:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6CFC29-9FD2-4BE5-9A66-6FA6F94C0D7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_network_on_blockchain:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BC0DF05-9B84-45B8-924E-E4CB672F7C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D799591-F5D0-4B17-AE32-ABED616A65AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "095BBF20-1C8F-4FBC-8D72-3A3DB5A3F68F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B3B2C5-E8D0-48A1-9837-40A627D7E742",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_spatial_asset_management:7.6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8E59EA84-F607-404B-A392-7D68C5672B1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "21C989DE-2E87-4941-B0DA-9381964E2292",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, podr\u00edan permitir a un atacante remoto conducir ataques de phishing usando un ataque de tabnabbing.\u0026#xa0;Al persuadir a una v\u00edctima de visitar un sitio web especialmente dise\u00f1ado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para redireccionar a un usuario a un sitio web malicioso que parecer\u00eda ser confiable.\u0026#xa0;Esto podr\u00eda permitir a un atacante obtener informaci\u00f3n altamente confidencial o conducir nuevos ataques contra la v\u00edctima.\u0026#xa0;IBM X-Force ID: 179537"
}
],
"id": "CVE-2020-4409",
"lastModified": "2024-11-21T05:32:42.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-16T16:15:15.030",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179537"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6333091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6333091"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-06 01:29
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/156311 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10880147 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/156311 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10880147 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | control_desk | 7.6.0 | |
| ibm | control_desk | 7.6.0.1 | |
| ibm | control_desk | 7.6.1 | |
| ibm | maximo_asset_management | 7.6 | |
| ibm | maximo_for_aviation | 7.6 | |
| ibm | maximo_for_aviation | 7.6.1 | |
| ibm | maximo_for_aviation | 7.6.2 | |
| ibm | maximo_for_aviation | 7.6.2.1 | |
| ibm | maximo_for_aviation | 7.6.3 | |
| ibm | maximo_for_life_sciences | 7.6 | |
| ibm | maximo_for_nuclear_power | 7.6.0 | |
| ibm | maximo_for_oil_and_gas | 7.6.0 | |
| ibm | maximo_for_transportation | 7.6.1 | |
| ibm | maximo_for_transportation | 7.6.2 | |
| ibm | maximo_for_transportation | 7.6.2.1 | |
| ibm | maximo_for_transportation | 7.6.2.2 | |
| ibm | maximo_for_transportation | 7.6.2.3 | |
| ibm | maximo_for_transportation | 7.6.2.4 | |
| ibm | maximo_for_utilities | 7.6 | |
| ibm | smartcloud_control_desk | - | |
| ibm | tivoli_integration_composer | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7D6830-74DA-4524-8177-54CB2667A54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management versi\u00f3n 7.6 podr\u00eda permitir a un usuario f\u00edsico del sistema obtener informaci\u00f3n confidencial de un usuario anterior de la misma m\u00e1quina. ID de IBM X-Force: 156311."
}
],
"id": "CVE-2019-4048",
"lastModified": "2024-11-21T04:43:05.247",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.7,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-06T01:29:00.290",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156311"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-19 14:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/108912 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/160949 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10887563 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108912 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/160949 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10887563 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | maximo_asset_management | 7.6 | |
| ibm | control_desk | 7.6.0 | |
| ibm | control_desk | 7.6.0.1 | |
| ibm | maximo_for_aviation | 7.6 | |
| ibm | maximo_for_aviation | 7.6.1 | |
| ibm | maximo_for_aviation | 7.6.2 | |
| ibm | maximo_for_aviation | 7.6.2.1 | |
| ibm | maximo_for_aviation | 7.6.3 | |
| ibm | maximo_for_life_sciences | 7.6 | |
| ibm | maximo_for_nuclear_power | 7.6.0 | |
| ibm | maximo_for_oil_and_gas | 7.6.0 | |
| ibm | maximo_for_transportation | 7.6.1 | |
| ibm | maximo_for_transportation | 7.6.2 | |
| ibm | maximo_for_transportation | 7.6.2.1 | |
| ibm | maximo_for_transportation | 7.6.2.2 | |
| ibm | maximo_for_transportation | 7.6.2.3 | |
| ibm | maximo_for_transportation | 7.6.2.4 | |
| ibm | maximo_for_utilities | 7.6 | |
| ibm | smartcloud_control_desk | - | |
| ibm | tivoli_integration_composer | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management versi\u00f3n 7.6 es vulnerable a cross-site-scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera la funcionalidad prevista que puede conllevar a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza. ID de IBM X-Force: 160949."
}
],
"id": "CVE-2019-4303",
"lastModified": "2024-11-21T04:43:26.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-19T14:15:10.973",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108912"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108912"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-19 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/162886 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1489053 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/162886 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1489053 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | control_desk | 7.6.1 | |
| ibm | control_desk | 7.6.1.1 | |
| ibm | maximo_anywhere | 7.6.0.0 | |
| ibm | maximo_anywhere | 7.6.1.0 | |
| ibm | maximo_for_aviation | 7.6.6 | |
| ibm | maximo_for_aviation | 7.6.7 | |
| ibm | maximo_for_aviation | 7.6.8 | |
| ibm | maximo_for_life_sciences | 7.6 | |
| ibm | maximo_for_nuclear_power | 7.6.1 | |
| ibm | maximo_for_oil_and_gas | 7.6.1 | |
| ibm | maximo_for_transportation | 7.6.2.3 | |
| ibm | maximo_for_transportation | 7.6.2.4 | |
| ibm | maximo_for_transportation | 7.6.2.5 | |
| ibm | maximo_for_utilities | 7.6.0.1 | |
| ibm | maximo_for_utilities | 7.6.0.2 | |
| ibm | smartcloud_control_desk | - | |
| ibm | tivoli_integration_composer | 7.6.0.1 | |
| ibm | tivoli_integration_composer | 7.6.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7D6830-74DA-4524-8177-54CB2667A54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7C8399-A024-45CE-A2CD-658A2D99ABDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_anywhere:7.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "67CD3018-546A-4CFF-B28B-A7DF2EE71634",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_anywhere:7.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E203B3E-6A26-40BD-8F72-B738D4BF6EDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4317DA0E-678D-468F-8BE4-8BA20C01C588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB202BE-FF6E-49AC-84FF-F454361E5D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C05DA047-26F7-413E-8259-5F88C08AE2B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "532219AE-9F4D-49B0-A625-A690C9E8A7DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "160EE7B0-4F54-41F7-9266-C22776783BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDF6664-537E-4CF8-9CCA-7C4746DE9B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F416A57-7B00-411D-B2D5-5BCB434568DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73EEADC8-01D0-4D80-83E4-1643603485CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "797807D9-2137-414A-BB28-46DBC0288161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8708C64F-7940-46E7-94FB-1D1CF3B864B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a un usuario insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 162886."
}
],
"id": "CVE-2019-4429",
"lastModified": "2024-11-21T04:43:35.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-19T16:15:11.187",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1489053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1489053"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-06 01:29
Modified
2024-11-21 04:03
Severity ?
Summary
IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/155554 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10880145 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/155554 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10880145 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | control_desk | 7.6.0 | |
| ibm | control_desk | 7.6.0.1 | |
| ibm | maximo_asset_management | 7.6 | |
| ibm | maximo_for_aviation | 7.6 | |
| ibm | maximo_for_aviation | 7.6.1 | |
| ibm | maximo_for_aviation | 7.6.2 | |
| ibm | maximo_for_aviation | 7.6.2.1 | |
| ibm | maximo_for_aviation | 7.6.3 | |
| ibm | maximo_for_life_sciences | 7.6 | |
| ibm | maximo_for_nuclear_power | 7.6.0 | |
| ibm | maximo_for_oil_and_gas | 7.6.0 | |
| ibm | maximo_for_transportation | 7.6.1 | |
| ibm | maximo_for_transportation | 7.6.2 | |
| ibm | maximo_for_transportation | 7.6.2.1 | |
| ibm | maximo_for_transportation | 7.6.2.2 | |
| ibm | maximo_for_transportation | 7.6.2.3 | |
| ibm | maximo_for_transportation | 7.6.2.4 | |
| ibm | maximo_for_utilities | 7.6 | |
| ibm | smartcloud_control_desk | - | |
| ibm | tivoli_integration_composer | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62AA53A5-48EF-48A3-B783-ADEB9EC12FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "869641DA-741B-4211-8D04-8AC41C90E6BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58B773C7-9386-4704-B85F-748578DBC242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC96757-682F-4EBF-83A7-7C85C451ED26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3DD406-9D43-4ED5-BCF4-C3B50F491F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4E98700E-2AF7-4B43-BE6A-D0D802931908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B45AB6-6823-43A2-8E6C-D7EA8DC83ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_aviation:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE914E8-7C57-4C3A-B41E-572C7722F256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA294D6-4D4D-4ADB-A05B-F578A8877A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD81DD67-6DFF-45EE-B311-AA04E31009C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FC0B7A-1016-4BBA-B55C-A94F4997DD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74C43D0F-3434-4A57-94D8-4E9B01B034A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FC8F88D5-A0A5-470F-8E8D-854274C8AEFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "371D3C79-FAB3-4598-9568-88F45077F448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9435DE-69E6-474C-AC93-0E18137C253D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36062812-7AD2-4908-94BA-B06CA4503CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_transportation:7.6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC89A6D2-20D5-4066-8F35-2936C6D0C0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C823FEB8-B984-444C-A56E-4421A134754C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*",
"matchCriteriaId": "742BF86E-E5D2-4CC9-BD41-78C243995880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "173EC315-107C-47DA-ADD3-2FF91412B52E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554."
},
{
"lang": "es",
"value": "IBM Maximo Asset Management versi\u00f3n 7.6 podr\u00eda permitir que un usuario autenticado sustituya una p\u00e1gina de destino por un sitio de phishing, lo que permitir\u00eda al atacante obtener informaci\u00f3n muy confidencial. ID de IBM X-Force: 155554."
}
],
"id": "CVE-2018-2028",
"lastModified": "2024-11-21T04:03:36.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-06T01:29:00.227",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-10 17:15
Modified
2024-11-21 05:46
Severity ?
Summary
IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199228.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/199228 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6450759 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/199228 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6450759 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | control_desk | 7.6.1.2 | |
| ibm | control_desk | 7.6.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE5B811F-F8E6-4EE0-8498-0286367AEC99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:control_desk:7.6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5000CCDD-F13A-4642-8469-4219CF6DB5F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199228."
},
{
"lang": "es",
"value": "IBM Control Desk versiones 7.6.1.2 y 7.6.1.3, es vulnerable a un ataque de tipo cross-site scripting.\u0026#xa0;Esta vulnerabilidad permite a usuarios insertar c\u00f3digo JavaScript arbitrario en la Interfaz de Usuario Web, alterando as\u00ed la funcionalidad prevista conllevando potencialmente a una divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable.\u0026#xa0;IBM X-Force ID: 199228"
}
],
"id": "CVE-2021-20559",
"lastModified": "2024-11-21T05:46:46.383",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-10T17:15:07.727",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199228"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6450759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6450759"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-4056 (GCVE-0-2019-4056)
Vulnerability from cvelistv5
Published
2019-06-06 00:35
Modified
2024-09-16 17:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- File Manipulation
Summary
IBM Maximo Asset Management 7.6 Work Centers' application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Version: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149"
},
{
"name": "ibm-maximo-cve20194056-file-upload (156565)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156565"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2019-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 Work Centers\u0027 application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/I:L/PR:L/AV:N/A:N/C:N/S:U/UI:N/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "File Manipulation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-06T00:35:18",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149"
},
{
"name": "ibm-maximo-cve20194056-file-upload (156565)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156565"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-03T00:00:00",
"ID": "CVE-2019-4056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6 Work Centers\u0027 application does not validate file type upon upload, allowing attackers to upload malicious files. IBM X-Force ID: 156565."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880149",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 880149 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880149"
},
{
"name": "ibm-maximo-cve20194056-file-upload (156565)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156565"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4056",
"datePublished": "2019-06-06T00:35:18.806739Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T17:34:20.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4364 (GCVE-0-2019-4364)
Vulnerability from cvelistv5
Published
2019-06-19 13:30
Modified
2024-09-16 18:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Privileges
Summary
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Version: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:37.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
},
{
"name": "ibm-maximo-cve20194364-code-exec (161680)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
},
{
"name": "108910",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108910"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2019-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/S:U/C:L/I:L/UI:R/A:L/AC:L/AV:N/PR:L/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T12:06:04",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
},
{
"name": "ibm-maximo-cve20194364-code-exec (161680)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
},
{
"name": "108910",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108910"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-17T00:00:00",
"ID": "CVE-2019-4364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10887557",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 887557 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887557"
},
{
"name": "ibm-maximo-cve20194364-code-exec (161680)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/161680"
},
{
"name": "108910",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108910"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4364",
"datePublished": "2019-06-19T13:30:19.753226Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T18:39:05.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20559 (GCVE-0-2021-20559)
Vulnerability from cvelistv5
Published
2021-05-10 16:20
Modified
2024-09-17 01:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-Site Scripting
Summary
IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199228.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Control Desk |
Version: 7.6.1.2 Version: 7.6.1.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6450759"
},
{
"name": "ibm-smartcloud-cve202120559-xss (199228)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199228"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Control Desk",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6.1.2"
},
{
"status": "affected",
"version": "7.6.1.3"
}
]
}
],
"datePublic": "2021-05-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199228."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 4.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/I:L/AC:L/AV:N/PR:L/S:C/A:N/C:L/UI:R/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-10T16:20:16",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6450759"
},
{
"name": "ibm-smartcloud-cve202120559-xss (199228)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199228"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-05-07T00:00:00",
"ID": "CVE-2021-20559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Control Desk",
"version": {
"version_data": [
{
"version_value": "7.6.1.2"
},
{
"version_value": "7.6.1.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199228."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6450759",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6450759 (Control Desk)",
"url": "https://www.ibm.com/support/pages/node/6450759"
},
{
"name": "ibm-smartcloud-cve202120559-xss (199228)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199228"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-20559",
"datePublished": "2021-05-10T16:20:16.761688Z",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-09-17T01:21:57.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4749 (GCVE-0-2019-4749)
Vulnerability from cvelistv5
Published
2020-04-17 13:25
Modified
2024-09-17 03:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Version: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:49.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6193479"
},
{
"name": "ibm-maximo-cve20194749-xss (173308)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173308"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2020-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/PR:L/UI:R/AV:N/A:N/AC:L/C:L/I:L/S:C/RC:C/RL:O/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-17T13:25:26",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6193479"
},
{
"name": "ibm-maximo-cve20194749-xss (173308)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173308"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-04-16T00:00:00",
"ID": "CVE-2019-4749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6193479",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6193479 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/pages/node/6193479"
},
{
"name": "ibm-maximo-cve20194749-xss (173308)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173308"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4749",
"datePublished": "2020-04-17T13:25:26.685011Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T03:22:52.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4409 (GCVE-0-2020-4409)
Vulnerability from cvelistv5
Published
2020-09-16 15:55
Modified
2024-09-16 17:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Access
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Version: 7.6.0 Version: 7.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:07.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6333091"
},
{
"name": "ibm-maximo-cve20204409-gain-access (179537)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179537"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6.0"
},
{
"status": "affected",
"version": "7.6.1"
}
]
}
],
"datePublic": "2020-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/PR:L/C:N/UI:R/I:H/A:N/AC:L/S:C/AV:N/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-16T15:55:14",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6333091"
},
{
"name": "ibm-maximo-cve20204409-gain-access (179537)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179537"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-09-15T00:00:00",
"ID": "CVE-2020-4409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6.0"
},
{
"version_value": "7.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 179537."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "H",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6333091",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6333091 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/pages/node/6333091"
},
{
"name": "ibm-maximo-cve20204409-gain-access (179537)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179537"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4409",
"datePublished": "2020-09-16T15:55:14.429944Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T17:59:43.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4446 (GCVE-0-2019-4446)
Vulnerability from cvelistv5
Published
2020-04-17 13:25
Modified
2024-09-16 17:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Version: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6190215"
},
{
"name": "ibm-maximo-cve20194446-insecure-perms (163490)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163490"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2020-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/UI:N/AV:N/PR:L/A:N/I:L/S:U/C:L/AC:L/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-17T13:25:25",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6190215"
},
{
"name": "ibm-maximo-cve20194446-insecure-perms (163490)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163490"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-04-16T00:00:00",
"ID": "CVE-2019-4446",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6190215",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6190215 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/pages/node/6190215"
},
{
"name": "ibm-maximo-cve20194446-insecure-perms (163490)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163490"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4446",
"datePublished": "2020-04-17T13:25:25.783081Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T17:38:35.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4429 (GCVE-0-2019-4429)
Vulnerability from cvelistv5
Published
2020-02-19 15:15
Modified
2024-09-17 02:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Version: 7.6.0 Version: 7.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1489053"
},
{
"name": "ibm-maximo-cve20194429-xss (162886)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6.0"
},
{
"status": "affected",
"version": "7.6.1"
}
]
}
],
"datePublic": "2020-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/PR:L/AC:L/C:L/S:C/UI:R/AV:N/I:L/RC:C/RL:O/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-19T15:15:44",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1489053"
},
{
"name": "ibm-maximo-cve20194429-xss (162886)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-02-18T00:00:00",
"ID": "CVE-2019-4429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6.0"
},
{
"version_value": "7.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1489053",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1489053 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/pages/node/1489053"
},
{
"name": "ibm-maximo-cve20194429-xss (162886)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162886"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4429",
"datePublished": "2020-02-19T15:15:44.172383Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:36:20.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22330 (GCVE-0-2022-22330)
Vulnerability from cvelistv5
Published
2022-09-13 20:45
Modified
2024-09-16 16:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 219126.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Control Desk |
Version: 7.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6619739"
},
{
"name": "ibm-controldesk-cve202222330-info-disc (219126)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/219126"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Control Desk",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6.1"
}
]
}
],
"datePublic": "2022-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 219126."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.2,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/UI:N/S:U/AC:H/PR:N/C:L/A:N/I:N/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T20:45:23",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6619739"
},
{
"name": "ibm-controldesk-cve202222330-info-disc (219126)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/219126"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-09-12T00:00:00",
"ID": "CVE-2022-22330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Control Desk",
"version": {
"version_data": [
{
"version_value": "7.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 219126."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6619739",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6619739 (Control Desk)",
"url": "https://www.ibm.com/support/pages/node/6619739"
},
{
"name": "ibm-controldesk-cve202222330-info-disc (219126)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/219126"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22330",
"datePublished": "2022-09-13T20:45:23.168583Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-16T16:54:01.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2028 (GCVE-0-2018-2028)
Vulnerability from cvelistv5
Published
2019-06-06 00:35
Modified
2024-09-17 02:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Version: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145"
},
{
"name": "ibm-maximo-cve20182028-info-disc (155554)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2019-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/UI:N/S:U/C:H/AC:L/PR:L/I:N/AV:N/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-06T00:35:18",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145"
},
{
"name": "ibm-maximo-cve20182028-info-disc (155554)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-03T00:00:00",
"ID": "CVE-2018-2028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880145",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 880145 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880145"
},
{
"name": "ibm-maximo-cve20182028-info-disc (155554)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155554"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-2028",
"datePublished": "2019-06-06T00:35:18.707579Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T02:32:33.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5016 (GCVE-0-2015-5016)
Vulnerability from cvelistv5
Published
2018-03-27 17:00
Modified
2024-08-06 06:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:31.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-maximo-cve20155016-info-disc(106460)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-27T16:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-maximo-cve20155016-info-disc(106460)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-5016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-maximo-cve20155016-info-disc(106460)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106460"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971160"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-5016",
"datePublished": "2018-03-27T17:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:31.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22329 (GCVE-0-2022-22329)
Vulnerability from cvelistv5
Published
2022-09-13 20:45
Modified
2024-09-16 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 219124.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Control Desk |
Version: 7.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6619739"
},
{
"name": "ibm-controldesk-cve202222329-info-disc (219124)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/219124"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Control Desk",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6.1"
}
]
}
],
"datePublic": "2022-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 219124."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/C:L/I:N/S:U/PR:N/AC:L/AV:N/UI:R/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T20:45:22",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6619739"
},
{
"name": "ibm-controldesk-cve202222329-info-disc (219124)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/219124"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-09-12T00:00:00",
"ID": "CVE-2022-22329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Control Desk",
"version": {
"version_data": [
{
"version_value": "7.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 219124."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6619739",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6619739 (Control Desk)",
"url": "https://www.ibm.com/support/pages/node/6619739"
},
{
"name": "ibm-controldesk-cve202222329-info-disc (219124)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/219124"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22329",
"datePublished": "2022-09-13T20:45:22.231327Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-16T19:01:39.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4644 (GCVE-0-2019-4644)
Vulnerability from cvelistv5
Published
2020-04-17 13:25
Modified
2024-09-16 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Version: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:47.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6191583"
},
{
"name": "ibm-maximo-cve20194644-xss (170880)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170880"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2020-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/C:L/S:C/I:L/A:N/PR:N/UI:R/AV:N/E:H/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-17T13:25:26",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6191583"
},
{
"name": "ibm-maximo-cve20194644-xss (170880)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170880"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-04-16T00:00:00",
"ID": "CVE-2019-4644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6191583",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6191583 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/pages/node/6191583"
},
{
"name": "ibm-maximo-cve20194644-xss (170880)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/170880"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4644",
"datePublished": "2020-04-17T13:25:26.254254Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T19:01:05.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4303 (GCVE-0-2019-4303)
Vulnerability from cvelistv5
Published
2019-06-19 13:30
Modified
2024-09-16 23:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-Site Scripting
Summary
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Version: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:33:38.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
},
{
"name": "ibm-maximo-cve20194303-xss (160949)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
},
{
"name": "108912",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108912"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2019-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/C:L/I:L/S:C/A:N/AC:L/UI:R/AV:N/PR:L/RL:O/RC:C/E:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-27T13:06:08",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
},
{
"name": "ibm-maximo-cve20194303-xss (160949)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
},
{
"name": "108912",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108912"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-17T00:00:00",
"ID": "CVE-2019-4303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10887563",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 887563 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887563"
},
{
"name": "ibm-maximo-cve20194303-xss (160949)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160949"
},
{
"name": "108912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108912"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4303",
"datePublished": "2019-06-19T13:30:19.709079Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T23:00:36.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4048 (GCVE-0-2019-4048)
Vulnerability from cvelistv5
Published
2019-06-06 00:35
Modified
2024-09-16 17:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Version: 7.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147"
},
{
"name": "ibm-maximo-cve20194048-info-disc (156311)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156311"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6"
}
]
}
],
"datePublic": "2019-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 1.9,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:L/S:U/UI:N/A:N/I:N/PR:L/AV:P/AC:L/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-06T00:35:18",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147"
},
{
"name": "ibm-maximo-cve20194048-info-disc (156311)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156311"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-06-03T00:00:00",
"ID": "CVE-2019-4048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6 could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. IBM X-Force ID: 156311."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "P",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880147",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 880147 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880147"
},
{
"name": "ibm-maximo-cve20194048-info-disc (156311)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/156311"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4048",
"datePublished": "2019-06-06T00:35:18.759822Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T17:59:00.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4512 (GCVE-0-2019-4512)
Vulnerability from cvelistv5
Published
2019-10-09 15:00
Modified
2024-09-17 02:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Maximo Asset Management |
Version: 7.6.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:47.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1075413"
},
{
"name": "ibm-maximo-cve20194512-info-disc (164554)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Maximo Asset Management",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.6.1.1"
}
]
}
],
"datePublic": "2019-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/I:N/C:L/S:U/UI:N/A:N/PR:L/AC:L/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-09T15:00:23",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1075413"
},
{
"name": "ibm-maximo-cve20194512-info-disc (164554)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-10-08T00:00:00",
"ID": "CVE-2019-4512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.6.1.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1075413",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1075413 (Maximo Asset Management)",
"url": "https://www.ibm.com/support/pages/node/1075413"
},
{
"name": "ibm-maximo-cve20194512-info-disc (164554)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164554"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4512",
"datePublished": "2019-10-09T15:00:23.883418Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:36:34.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}